detectportal.firefox.com/success.txt?ipv4
200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 04 Feb 2023 17:44:00 GMT
Age: 66783
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f506626b3a9a43de2be4febe042f1af6
1b10bfac9b0447184efde4dc55c351fc771c0f8d
b2cf89da9ff93d3399961f3c9fa7e7b0d65baa90034a1c9b26f459597a0afaeb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2CF89DA9FF93D3399961F3C9FA7E7B0D65BAA90034A1C9B26F459597A0AFAEB"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6267
Expires: Sun, 05 Feb 2023 14:01:30 GMT
Date: Sun, 05 Feb 2023 12:17:03 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6625
Expires: Sun, 05 Feb 2023 14:07:28 GMT
Date: Sun, 05 Feb 2023 12:17:03 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
200 OK 42 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 47f34370b59facd3fff35b57e5de967a
accba78155a1d1dba962d5766a18c8520838c02d
db67e5683702e96db012f3e872a91768963f120cc34b81162309c36683b2c14c
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 3n-mFl4eVN-6NY5pCzrSxCvPJAN8Yl5tHGUYEMVcXuNrMKwwB8fcsg==
content-encoding: gzip
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 12:14:59 GMT
age: 761
content-type: application/json
content-length: 42521
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17332
Expires: Sun, 05 Feb 2023 17:05:55 GMT
Date: Sun, 05 Feb 2023 12:17:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: erIkkW0iGcGXZfdNsWZL0sY2qu3i+HarUASSijTxOYIuMmpm9KSnQVXOy5EIl5s27b8J87yGvQE=
x-amz-request-id: FY85CBT0TJY63FDY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 11:36:57 GMT
age: 2406
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Sun, 05 Feb 2023 13:01:38 GMT
Date: Sun, 05 Feb 2023 12:17:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 11:33:54 GMT
content-type: application/json
age: 2589
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 12:17:03 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 11:49:07 GMT
age: 1677
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5800
Expires: Sun, 05 Feb 2023 13:53:44 GMT
Date: Sun, 05 Feb 2023 12:17:04 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 7deeacb2571667100c86fde6d2a08c73
82bc5391b61a60371fbf36be05f7f8e9da06ec51
cd10800191ca89ba5e25439d6a9b8d562542395a07816fc6d337ca2faef287b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3955
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:04 GMT
Etag: "63de8df2-1d7"
Last-Modified: Sun, 05 Feb 2023 11:11:09 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.dcocsp.cn/
200 OK 471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 542b45b64f14bdc7fd147142fea0b4aa
c32ce619bdcab43c88896ab236540f72f37ef468
bcfac699f38c8afb72b5f5200d7381677697c93b12eb134a55c90430fd2cd48a
POST / HTTP/1.1
Host: ocsp.dcocsp.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sun, 05 Feb 2023 11:29:55 GMT
Last-Modified: Sat, 04 Feb 2023 14:24:41 GMT
ETag: "63de6aa9-1d7"
Expires: Mon, 06 Feb 2023 14:24:41 GMT
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675596595
Via: cache21.l2de2[0,0,200-0,H], cache20.l2de2[1,0], cache7.se1[22,22,200-0,M], cache7.se1[25,0]
Age: 2829
X-Cache: MISS TCP_REFRESH_MISS dirn:5:451843055
X-Swift-SaveTime: Sun, 05 Feb 2023 12:17:04 GMT
X-Swift-CacheTime: 771
Timing-Allow-Origin: *
EagleId: 2ff62c9b16755994242796523e
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sun, 05 Feb 2023 12:17:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RF5mZvP0T4r1WNDKoNf5EQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BmmsTQdVxIIEt5+pFCcs01JuvgY=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675587435542%22
200 OK 21 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675587435542%22
IP
File type JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Hash fc02eb516146fc66f27da182c1094f79
a2afa94de0d8029fdef3385a885ba53509379c3b
438c5b000660c1c098bf26cc1551955bf26ba6d364f11e8c80700b27bea1caee
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221675587435542%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Sun, 05 Feb 2023 12:02:06 GMT
age: 898
last-modified: Sun, 05 Feb 2023 08:57:15 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
200 OK 19 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
IP
ASN #54994 QUANTILNETWORKS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (731), with CRLF line terminators
Hash cfe6b4f590c29dab123351c2fd2e0a08
0cce80e580bcb7b37f9f0820ae66048ab369ed0b
2cd42e36c65097c472c92c88bb96720ea1b81774c7659d89471acc80eb6d1ad0
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET / HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 19073
Connection: keep-alive
Expires: -1
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-cf5bcb2d-294d-4592-89cf-91a1d81106ef' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Content-Language: en-US
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Akamai-Transformed: 9 22621 0 pmb=mTOE,1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:0|g:8bb017a7-7f31-49e7-a37f-573c89d728fe; Expires=Sun, 05-Feb-2023 12:17:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:0|g:8bb017a7-7f31-49e7-a37f-573c89d728fe|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894; Expires=Sun, 05-Feb-2023 12:17:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:0|i:206894|e:76; Expires=Sun, 05-Feb-2023 12:17:34 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202302050417041581745277; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 12:17:04 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; path=/; Httponly; Secure
WesdAksn=A8IrgiGGAQAAKForOs3N21t_clvQVUqhHxdqFvankjepAythwoGAAH1lO4VjAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|8fced5bf7c0d5f08651377293dd64ea763b84db3; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=cfp+C10FGGdYoW0+Eh43g1jTNntltsZh8Q%2fJQJLsMOBDII9k47rqaVhowPO9JQVz; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:04 GMT;Httponly; Secure
_abck=ABA49E495984ADF466F417118E31720A~-1~YAAQvWpkX9kZbsWFAQAA5iyCIQnUqTDjqh7YqOvKcWIgdhKLg9B9gVHKs0s7Fx/1BI8CBH2iaGTPghhItYMR60WVxfZ2OBwH4dGfecO8DT/swDd+RVagmTY2ninGAbBy9PqEsHFdl3yWK5sdyqhzytkJC6BuuX6y7r7YlEc5mb5Ms4UsGxXuCayZLBQ1B3f6a1tczzbx62fqSNSDx9N6gFZn/vaZuOopHCxuJi/jKXiF34fB91pHjFlqYY9afaFheZiqwSqSy8f8W72yQ6r7uupCrpgz7e9VUZIqQWjCBiBmo5DdtJT/tY4QvWv/UYNn48zs2aok3qekr6RVuWd4URk9XdP68lMsHlWR9/LesB7g84qoQwfiPVRmaf8W5Wd8jw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:04 GMT; Max-Age=31536000; Secure
bm_sz=48E75335DEDF2D3E99AA16AEEA325E82~YAAQvWpkX9oZbsWFAQAA5iyCIRIIVtmuNdUwy6niyOBNiiVaGJFSv9fqh3v4ibvHo/XqUPkUGNR9Z0JQDQgredw40yBEvI7Tj/BFWvfLhcRZhcWa6CbWZ7x/Qa9MZ4uYxWKVQV78y/uIGi5EXmpoBCqAqsm9uhPNOyJ9NZt54Vcu6Bjz9wE3lM6NIw2KE0XMyL9EHGGW9/mqjndhK6I6FVDrS4G0DAi+rHOJ7cIFgTFftM4ifc2XSxpzSrK6WBlbEiCUCzA2wZrwv1AOrd1+ft6TDTU3d0yx/tOnsdPw2l7zx+z8SOV9~3753285~3686710; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:04 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e40_VM-ARN-01cnE31_15467-19711
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675449433343&_since=%221666204638208%22
200 OK 27 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675449433343&_since=%221666204638208%22
IP
File type JSON data\012- , ASCII text, with very long lines (27294), with no line terminators
Hash 1e630048e362b77c6ad38fd0ea8e4288
15cdb480e906413a492e7269c43f64f0f8956ff6
a6071af1e1185a063481aca6541ad39a5b7f02d67a990e33f6f02c8782f98d53
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675449433343&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 27294
via: 1.1 google
date: Sun, 05 Feb 2023 11:41:06 GMT
age: 2158
last-modified: Fri, 03 Feb 2023 18:37:13 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: e/tOa/pH1KvAijEuzLKqh1LiSiC6CsIUFnrpcbWW0HVU5BZhQpSZzx32aDpFPTr2dmXw4Oed1T4=
x-amz-request-id: PYV178QP651S7VFF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 11:34:41 GMT
age: 2543
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
200 OK 2.5 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/first_time_experience-account_summary.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash e3dfb8e67322de6a7be8c293043e69e1
9c2339e0b48afdfdcd908f78777be88c133d2aef
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
GET /assets/images/rwd/first_time_experience-account_summary.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618287e9-14da"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 2496
content-type: image/webp
cache-control: private, no-transform, max-age=985336
expires: Thu, 16 Feb 2023 21:59:20 GMT
date: Sun, 05 Feb 2023 12:17:04 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
200 OK 35 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b4461eb744601a2ca1764ee8245185fe
8666c2c62e249f94da9721df78c7ce0cfbb587b5
e04eef1b087076cfd56ee5728e50ef2993dc739f5d1934c3196c7bf88019d386
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_b_mv_0723_3954_b_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "62057fd1-14ef3"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 35078
content-type: image/webp
cache-control: private, no-transform, max-age=914477
expires: Thu, 16 Feb 2023 02:18:21 GMT
date: Sun, 05 Feb 2023 12:17:04 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
200 OK 1.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_logo_220x23.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash c5f6eb132665afa77e8ac7a1a707e951
70d65ab0dcfaace4c1d8bbb772af4fd7c6f66c80
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
GET /assets/images/rwd/wf_logo_220x23.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61bcfcce-10c2"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 853
x-check-cacheable: YES
content-length: 1710
content-type: image/webp
cache-control: private, no-transform, max-age=848826
expires: Wed, 15 Feb 2023 08:04:10 GMT
date: Sun, 05 Feb 2023 12:17:04 GMT
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
200 OK 18 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/homepage_iaoffer.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (31326), with NEL line terminators
Hash 3c62755a932398b8a5d7d8cde9413fb3
8e0c91ea864ec3f0ff9385d6ddc6eb2c0987f8d4
980ef0d6507b3822543dff672ffcb8f9a51930638d23f417daaea928695881ae
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/homepage_iaoffer.js HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:04 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 17856
Connection: keep-alive
Expires: Sun, 05 Feb 2023 08:21:25 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: W/"6398ae8a-d8e9"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01uY9168:5 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e40_VM-ARN-01cnE31_15447-14528
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
200 OK 24 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/ui/css/homepage-ui/ps-homepage.css
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Hash ab14fc94e9e3eda1147b33096ce78036
d2dc912ef40215c52466a63f55b3fcb274b1a3b9
fbdda4705c51998c24e57f486500422fdf801052b612b7d43272a0895e245207
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /ui/css/homepage-ui/ps-homepage.css HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:04 GMT
Content-Type: text/css
Content-Length: 23639
Connection: keep-alive
Expires: Sun, 05 Feb 2023 12:34:14 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: W/"6398ae8a-29ee7"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:5 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e40_VM-ARN-01cnE31_15569-4799
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
200 OK 73 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
ASN #54994 QUANTILNETWORKS
Hash c6dd15c3ee5a4bcd9d8e8a0c3d52fd41
ebba299bae409a0681ee4e00cc72c1458f73e049
ead22de7b5e9317ca777f867211c757f63e6efee96eab3baa6f9126e39a78659
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:04 GMT
Content-Type: application/javascript
Content-Length: 72934
Connection: keep-alive
Last-Modified: Mon, 05 Dec 2022 18:21:50 GMT
ETag: "c065b170d98e55180d9d0ec22203687e78580f5a9c71964c6b1b97f01595bfe0"
Content-Encoding: gzip
Cache-Control: max-age=21600
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DBqM%2fZU9cXP2Zr75uWwWrg%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=9CD8059492C32226E39C47652CA8FD17~-1~YAAQvWpkX+AZbsWFAQAAuy2CIQmv/O0Qcgz9p/vK7qkSPBhZI25xF03cw77thVK/mwghBLJ1I3V1m2GmrWoCJoQxZ/FWuaHxhXMO4FY5phruHfDn88DvIp0bquHHn5UYiHXHsC2l5yXpz7SMz0fMoId8G9Ov81PukyBMXKsS8+hyb6IekRb5f1OGCgthR78Z96b8tNY+8BErFtXFf37FeYBF8eNmDIrxYQZhdTsAOgwLUhA7IsPqTegs4q11zrGBnI3zsJyvUKlm3jnRr+zl560CQ17zXZgmRwlPzI91ZeEyo9GKj5bNFRdBSQNIRXIowIgcK+Snmt70iftNt2saP5WxpWj+cTk7zU33yOMRgYUvylHPwHCcSWODaNgUyqvl0w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:04 GMT; Max-Age=31536000; Secure
bm_sz=CB9338A2CC72F6D1130569B999120C3E~YAAQvWpkX+EZbsWFAQAAuy2CIRLz6jFqvk4HsuQsLHB8V3MOkNGuzf8ppDOzn4lqQeCvOtay/hTNggYIdm866jLicPi2zYG0al92cUcwA+kACQObQxwHbiTbT2PCu9rJ/Bri7pPeVGDMw199lWaR/FEFeWmLNW+9TfB5E65NW+Zvw+J7k01z8SlX4XUZuHZBv4dCo/T/LZv6s3POFnQHJKry+ysSQKphtzRV7oCNQbscAKlEpnuu9ReYw/CFKbJHhSopyvYY6gcZdcHmvDP6K5YQuEP1CP1P9XzrL5cSDVjrS/F7ZZ+B~3753285~3686710; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:04 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e40_VM-ARN-01cnE31_15556-39401
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 11:36:17 GMT
content-type: application/json
age: 2448
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
200 OK 57 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/ui/javascript/homepage-ui/ps-homepage.js
IP
ASN #54994 QUANTILNETWORKS
File type Unicode text, UTF-8 text, with very long lines (65500), with no line terminators
Hash 55cf5abb917b734f8783436c20210ab0
83005f65ae0fb0cd0bd2576a330c8a4b9ddbb9fa
7e1678f1d42ace98528997082d53caedc0b14848feee15137bd786c3ba1bc012
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /ui/javascript/homepage-ui/ps-homepage.js HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:05 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 57254
Connection: keep-alive
Expires: Sun, 05 Feb 2023 08:21:25 GMT
Last-Modified: Tue, 13 Dec 2022 16:55:38 GMT
ETag: "6398ae8a-2b63b"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01cV0174:5 (Cdn Cache Server V2.0), 1.1 VM-ARN-01XDr43:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e40_VM-ARN-01cnE31_15569-4813
ocsp.digicert.com/
200 OK 471 B IP
Hash c50833236d5aa93427671e7750d741aa
41ea00cd0ad0b3df0ee0a48ee174304371425c3f
954fcc0e520f2ed910abb1650f9b834d31e67549b1b09adf56c495b7ec57466a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6012
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:05 GMT
Last-Modified: Sun, 05 Feb 2023 10:36:53 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
200 OK 901 B URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/appdEUMConfig.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1952), with no line terminators
Hash 5dcc7c101ced74367609685d577093f6
f0d8214335e3c33b634048b992afd536f5bd3e43
10aab16ccfb5374425dc6ee64453a7fe6d7b6dfa47ab65779f42c7db740da1ef
GET /assets/js/wfui/appdynamics/appdEUMConfig.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 20 Jan 2022 02:38:25 GMT
Vary: Accept-Encoding
ETag: W/"61e8cb21-7a0"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 901
Date: Sun, 05 Feb 2023 12:17:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=gRmeFuMo1GecIioDFdlxtw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
200 OK 11 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/container/wfui-container-bottom.js
IP
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (31790)
Hash 6d79a0dbc6ea2602aa38bbf53e43124e
8b53e45df3e4aea81cbfaa90081f6795bcfe39fc
d2aa003ecdd6c31e12964104bd23498a60e94fa2d163c6d1ff285db59f61bb6a
GET /assets/js/wfui/container/wfui-container-bottom.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Sat, 12 Feb 2022 17:58:28 GMT
Vary: Accept-Encoding
ETag: W/"6207f544-7c61"
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 11076
Date: Sun, 05 Feb 2023 12:17:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=iQknaTIvmGUw%2fV8LkMJbrw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
200 OK 4.3 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?single
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (9269)
Hash 2ecbc9d32871dfba9ed09b3e6ff79684
cd66ca670df8db93bec1cf6ef3dd4e4da255a01b
d27081fcc8f1650ffdc54e90b63eb987b9b3210b0a06e7532102880eacb55ba9
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?single HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:05 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 4285
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 12:17:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A84tgiGGAQAAZJd10bNPa1u5ww8nuDei1RuIBMbWGoWxqjHPGVRvJZs37-ybAaOrhiucuDv8wH8AAEB3AAAAAA|1|0|2ce25f6ec2dd85b9f1bc4e221dcd6ec3d53bb5c2; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=FmJ19axrS9cMyO8pGQiQNQPyv+tDY4cdStNsl91i0U5bnEQ%2fLBkAev9QV2+daPwf; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:04 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e40_VM-ARN-01cnE31_15467-19718
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1070bda5398d0e4012c7ebe62828e6ee
e072659271bcce877688f7244e58cad847ce57f9
026369f2eac79a5506de6e2fa9879298ec7c63882cbff6a4cb49688783de9485
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "026369F2EAC79A5506DE6E2FA9879298EC7C63882CBFF6A4CB49688783DE9485"
Last-Modified: Sun, 05 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3063
Expires: Sun, 05 Feb 2023 13:08:08 GMT
Date: Sun, 05 Feb 2023 12:17:05 GMT
Connection: keep-alive
www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
200 OK 49 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/sprite/responsive-sprite-v7.png
IP
File type PNG image data, 1187 x 406, 8-bit colormap, non-interlaced\012- data
Hash 4576998e5446061faba47c4c609823e0
3beff60a8beab6ef65403e7bc02f996509c737a2
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
GET /assets/images/sprite/responsive-sprite-v7.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 48569
last-modified: Thu, 21 Jul 2022 20:04:58 GMT
etag: "62d9b16a-bdb9"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=2563363
expires: Tue, 07 Mar 2023 04:19:48 GMT
date: Sun, 05 Feb 2023 12:17:05 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-rg.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107\012- data
Hash 0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
GET /assets/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5798"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10101917
expires: Fri, 02 Jun 2023 10:22:22 GMT
date: Sun, 05 Feb 2023 12:17:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
200 OK 23 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-sbd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107\012- data
Hash 83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
GET /assets/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5848"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10101921
expires: Fri, 02 Jun 2023 10:22:26 GMT
date: Sun, 05 Feb 2023 12:17:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-bd.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 22172, version 1.13107\012- data
Hash f0307736c3a6ef356722f1dc3e9fa3f4
e29ea90ba786f0e08caa770dcfdfe923f619bebd
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
GET /assets/fonts/wellsfargosans-bd.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 22172
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-569c"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=9945094
expires: Wed, 31 May 2023 14:48:39 GMT
date: Sun, 05 Feb 2023 12:17:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
200 OK 22 kB URL HTTP/2 www17.wellsfargomedia.com/assets/fonts/wellsfargosans-lt.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21636, version 1.13107\012- data
Hash 1a2740c8df445989e4ee5f5396b6474c
a3f8545619fdd5b2a481952cd9e2c7b169bb43a6
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
GET /assets/fonts/wellsfargosans-lt.woff2 HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 21636
last-modified: Fri, 03 Sep 2021 13:01:20 GMT
etag: "61321ca0-5484"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubdomains;
x-content-type-options: nosniff
accept-ranges: bytes
unused62: 8096267
cache-control: max-age=10101906
expires: Fri, 02 Jun 2023 10:22:11 GMT
date: Sun, 05 Feb 2023 12:17:05 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
200 OK 807 kB URL HTTP/2 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
Size 807 kB (807180 bytes)
Hash 914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dguZsNlgt0E45bClSnS3eklmiykznZzPHsVWHNdaaMzEAaRGO4cZgbeZnkXLWgpuuMWxb90zRhY=
x-amz-request-id: 7YF2ZWT19PGFW512
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Sat, 04 Feb 2023 15:34:39 GMT
age: 74546
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/hp/utag.js
200 OK 55 kB URL HTTP/1.1 static.wellsfargo.com/tracking/hp/utag.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (15181)
Hash 3696ebaee8a4dce7a09695dd80b3aef8
0dabf76fc893ffa3d29ba90d81cc03708b798431
0987f794748b29c49ec899c0d7599f225ce1252f243ab35d168a8d853b1aceae
GET /tracking/hp/utag.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 07:23:58 GMT
Vary: Accept-Encoding
ETag: W/"63cf878e-322c5"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 54818
Date: Sun, 05 Feb 2023 12:17:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=z2GyhoK7ijx3R1tOkmUpsg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
File type JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Hash 5fbaf2b7815ccde4e006732f60cf45c3
358f788e1494eb1777de83a84aa1e831c6189ec9
d95422b3bbfa32ed668a90e5db3f3dd703e46d69e169e82a1e014b64b6b2d703
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Sun, 05 Feb 2023 11:18:20 GMT
age: 3525
last-modified: Sat, 04 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1675468864323&_since=%221666483264567%22
200 OK 52 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1675468864323&_since=%221666483264567%22
IP
File type JSON data\012- , ASCII text, with very long lines (52267), with no line terminators
Hash 06e189dc52881e7f5616b0214ff59542
16bd38b5d24dbc7fb6d44561cad597d6f555cf52
3b59d876391dc2db99e43edcffa3ed5a184468b0c937ef6293fc392ed7426df8
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1675468864323&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 52267
via: 1.1 google
date: Sun, 05 Feb 2023 10:37:51 GMT
age: 5954
last-modified: Sat, 04 Feb 2023 00:01:04 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2650
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 05 Feb 2023 12:17:05 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=osXOma+Pj32W+koUkWROsQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=osXOma+Pj32W+koUkWROsQ%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=A05F387C9EE615B870CDA3F41AEFB231~-1~YAAQvWpkX/EZbsWFAQAAWy+CIQk3sp56wef5krTNClIbv7Sd68D1SxVqDcsEnQ23m/6G+wHgaQCjXiCNdUZQ4NMYgenzyWwyUlRPhm5vswQEd9k4rrxsSv0S573XVnt0tqLNSqAhf3Ne867MQi1SRCbBNOCW7AylsjhcKkI0ue3hxk7M833tCm71AfT4kL6hU4fpUx38Qx2hWalJgjU2T2HxjPBW8PY0dN/TTWDFKApOFp9ac9UaD1iM8Ue7E3fIPSCpzC8DPXjRzBF2R103wc9f/YXoqq0NgJ1+uIOBqhDUJhxwLhVEPG9jMjBZoLIKGDjRCuoXaKhLVyGah8r1mGyAP/WSUHxx1BKE85S3OaDn2S1hwYwnph6gmZI1gqYBFg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:05 GMT; Max-Age=31536000; Secure
bm_sz=B07E594F7C7527EBDF51790D200020D0~YAAQvWpkX/IZbsWFAQAAWy+CIRJYUJtmqBOA30Zsz1S6m4nlu7GMCgZbjytFo3Vx3cJlaRDndtPteALayRlYDZgYglRul2wdxzfpPJS91sMjJD1+GQP/FKd23S/PR44RhdlpPWKoirKVYt+6IKGYyzLALjXfH0LhYHStQaIsYXn3F4/oBOE/fx+ACVHb2PBnqi7sWIJydV4orAmDTvZNvzEPhf99X3y6TYkL4TaN3I06mkxhlJtBiQRhar+YtrWVzJWLw2jhgWJx0KzP2xuTAlBNXtuT0NNIrWEm0PgC2y6erInhqc3S~4272196~4276787; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:05 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e41_VM-ARN-01cnE31_15467-19725
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
200 OK 306 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?1js
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65356)
Size 306 kB (305866 bytes)
Hash 0a73606e47133a2d2a13f7b5e1750e3c
8faaf759f275f0b66491df1c5077939099282044
cadbb05fc74ea8549b09ebed74da9dddf5499847acbcfaf7775b67a48abfc1ed
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
GET /auth/login/static/js/general_alt.js?1js HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:05 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 12:17:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: DCID=drdfhwzln3kkNNJN8qU00gbNZ6sIY7eCL6VUvdiqFvIXk7dK3N5cO8wYRd3dVTOh; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e41_VM-ARN-01cnE31_15569-4830
detectportal.firefox.com/success.txt?ipv4
200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 04 Feb 2023 17:44:00 GMT
Age: 66785
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
200 OK 2.1 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP
File type JSON data\012- , ASCII text, with very long lines (2144), with no line terminators
Hash 5cfd74fcbede0ee061689b95c597b11b
75d870f627cdc06f4cb7fa47751ae56c740da850
c68708f43d2bf28e3d619542c6fd7ab408f034a7f87de731ed11356efc4453eb
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2144
via: 1.1 google
date: Sun, 05 Feb 2023 12:08:01 GMT
age: 544
last-modified: Thu, 02 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
IP
File type JSON data\012- , ASCII text, with very long lines (22471), with no line terminators
Hash 86e5267005f7001a7a7fb7f25d7e02b9
67ea12312364541e026dfd85800ce5f4280601c5
9c469d6cd61cb4f4e3f06e980f86f3ee16cb4ec776ed105998810bcabbe12969
GET /v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22471
via: 1.1 google
date: Sun, 05 Feb 2023 12:05:35 GMT
age: 690
last-modified: Thu, 02 Feb 2023 15:52:59 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675459018632&_since=%221666279968541%22
200 OK 9.2 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675459018632&_since=%221666279968541%22
IP
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash cd112f1acb59ef6e59e09c0effd8ce2a
bc104cd92adc32a8f695300d2b0cc69c2776f6af
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675459018632&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 70181
via: 1.1 google
date: Sun, 05 Feb 2023 11:20:50 GMT
age: 3375
last-modified: Fri, 03 Feb 2023 21:16:58 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/icons/icon-hires_192x192.png
IP
File type ISO Media, AVIF Image\012- data
Hash 4febe8c61db195a61e1bf6366a2dba1e
6b66fc1349bd2d08b0d9046a2f0c33d1b2925534
964596930b998b90463258b346ce36d991a0f28e7054770a1decfff35a9cda0c
GET /assets/images/icons/icon-hires_192x192.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6116f9a6-dcf"
last-modified: Tue, 17 Jan 2023 06:26:40 GMT
server: Akamai Image Manager
content-length: 1012
content-type: image/avif
cache-control: private, no-transform, max-age=929292
expires: Thu, 16 Feb 2023 06:25:17 GMT
date: Sun, 05 Feb 2023 12:17:05 GMT
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
200 OK 4.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
IP
File type JSON data\012- , ASCII text, with very long lines (4318), with no line terminators
Hash f907735e3715dc6d1879d3a6acc28609
9ef4d7f2c5b9b4583d992295b72d5f3a635b065e
b4977e583a6818ad9317b1d87e0536bdbbee1d11ae7a911f65c415f385739ba1
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 4318
via: 1.1 google
date: Sun, 05 Feb 2023 12:10:27 GMT
age: 398
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AACKciGGAQAAikoR8uSQZfq-2LTHMox07sDTzLzlJX9u7BLHLcJB8BYJw3ke&X-G2Q3kxs3--z=q
200 OK 148 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/auth/login/static/js/general_alt.js?async&seed=AACKciGGAQAAikoR8uSQZfq-2LTHMox07sDTzLzlJX9u7BLHLcJB8BYJw3ke&X-G2Q3kxs3--z=q
IP
ASN #54994 QUANTILNETWORKS
File type ASCII text, with very long lines (65536), with no line terminators
Size 148 kB (147806 bytes)
Hash 96cc627a4193ec924b1d0fed5a006568
19e09b0714748f4cbbd6b6e7793649de81b7285c
7af4edca267795eb7cabf5616de9164adfbc738d8f24e7e9d3c6778d22d25d4b
Analyzer Verdict Alert openphish Wells Fargo & Company
GET /auth/login/static/js/general_alt.js?async&seed=AACKciGGAQAAikoR8uSQZfq-2LTHMox07sDTzLzlJX9u7BLHLcJB8BYJw3ke&X-G2Q3kxs3--z=q HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:05 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 12:17:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: WesdAksn=A6AugiGGAQAA7fsicP6c0qbGk-MxlZyvjPKiVLDAEPow43PoI_L1Pzg4wnq_AaOrhiucuDv8wH8AAEB3AAAAAA|1|0|b3a1d98b4e3adeeec4c2e88c90a37acb036b7397; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=bH4mwA6mgkTVRAh8GormLYMzi5KZ24tFNJxLl7RtlIo%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:05 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:3 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e41_VM-ARN-01cnE31_15556-39408
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
File type JSON data\012- , ASCII text, with very long lines (1742), with no line terminators
Hash 22092e301760ed865af6ece6eb04b1be
557b52e40ec2d8f2fe080580a1858c8666791bf2
12afba8f5929ab372e9cffbbe57e8bb562c60fc0a98b751c69de1adc04fb4aea
GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1742
via: 1.1 google
date: Sun, 05 Feb 2023 11:22:47 GMT
age: 3258
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
File type JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Hash 91fc66b0cc0a6a614095f1a64df0ae3b
36d83cd4aac353d81990df94ac1e5466483ab145
fee8713249b5cc35e5a4bb521c3a645c8b2a0c927c8384b99cf4f3a046e5d316
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Sun, 05 Feb 2023 11:54:50 GMT
age: 1335
last-modified: Tue, 31 Jan 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
200 OK 1.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
File type JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Hash 4b4dc2f2fa90e5157009acf4c7b1d589
ec64bb109dac848eafb80765cb510015c5d3ffd5
83ad9f7b27e6c7f20f257f0a3ff004ca69cfd0d4768222a51a655ac9ae139f6e
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Sun, 05 Feb 2023 11:50:47 GMT
age: 1578
last-modified: Tue, 31 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
201 Created 18 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash d9e31441c04c32264c6821f4ec958ca5
8516f62844b4264d3ccaab00350323d07b9c50ef
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /5nPZ_tg-g/viVXO/dtrA/E3f7tDwf/PRc4N0sKYQk/a3gqRg4i/KHE HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2570
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1675601265579$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 201 Created
Date: Sun, 05 Feb 2023 12:17:05 GMT
Content-Type: application/json
Content-Length: 18
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=DevXL0Gq0kxlvZbaWJnFYw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
DCID=DevXL0Gq0kxlvZbaWJnFYw%3d%3d; Domain=www.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
_abck=1E99BF1F07224DA1BF63027235646814~-1~YAAQvWpkX/wZbsWFAQAAcTGCIQlpcPesjrK1BsO25VjaD1xW6VIPyXAiwJpZhrJlwmWlU6X+7IUzaIM/oRZRGvRBOxKet/LPj2oYCW2Jb/7roZBRK2AJ9OpBfR9dDudU8t6CHKRQZPxA45YKJG0OrhMAotF2Q4elIrkq05yCvGMNoqAUFo/8e0QU/PrcbTvU0Y/GKxOalBITaLRX2R9jjdL5LaZxr6eXLSV4cuH+ru21iR/2lR/8z6PwlSrJu2VrB9hmQMxpwbPvVbRbuWCYKAtJ83islwkgKFvY4piI2k4RMaQ1pbf+1pLzQY9FmhGEAKETMHM9wTmJJo1rU3iNp2p9D9+Lb8bNQIY4Gov0oX3e/hctjBONJVNBXqjLqHNhRw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:05 GMT; Max-Age=31536000; Secure
bm_sz=F3A4C895B6B32460FE73D11D1833B853~YAAQvWpkX/0ZbsWFAQAAcTGCIRIv3iLZwocFgCpreu1uJtxcDNqq5EvDgCMNv2tCB1j+eX1YuoHT8ziioDxReTgXarWx4+mmD0HL4XUWxCNt5luxlf4CnzjBS7FsYYEirXmN/MUwbbsEcHq+0yArhJpd689xe1ONlC/MrI4Fd27IyuafyhJOHCMzvd95pkFa4JlwO6w2jENbs2pAs5K5pTMorm19P4MYuTpRnJ9Sx5RHXmyAvILT1Sb8gTQ08oL3kKGg/YQtvByGIbw2OZ5VNzsr5vIvL4LHBev1wSLDLWvUqLhTRESy~4272196~4276787; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:05 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01cnE31:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e41_VM-ARN-01cnE31_15569-4850
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
200 OK 682 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
File type JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Hash ee3b2ca8193a47eb1c2f1628b80b953f
6b53021c8663e3a0f874c5f030902a78c3ef1b9d
2cc501aa09d747a9b69b88c92f896650b9c9f5c32dae8b2315ab61c63d9a4ccc
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Sun, 05 Feb 2023 11:51:22 GMT
age: 1543
last-modified: Sun, 29 Jan 2023 16:36:52 GMT
etag: "1675010212483"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: +j0Q0AAexMinmTwBtRzmFxdYV8erJ2GV9z/pqKF6K+X/2SaKu/zj+yrBtcGEuAksfMOItDuuDJc=
x-amz-request-id: YK6T4B8V6ENMRGST
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 11:24:27 GMT
age: 3158
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/target/offers/conversations
200 OK 2.1 kB URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/target/offers/conversations
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10024), with no line terminators
Hash 02c8c2337a7c601ed45cfb12aad7beec
224f546376523d9d1667f44a43fcaf0fe0ebbc9a
f2425a50013212043ae078fa8246b5f7a7fb34251576cc3063a6c34cc4960b0b
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /target/offers/conversations HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=UTF-8
Content-Length: 105
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:06 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 2110
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-127e1ad6-2817-453f-abc7-b75affebd5b1' 'self' https://*.wellsfargo.com https://*.wfinterface.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Pragma: no-cache
Expires: -1
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:88104acb-27a3-41af-a491-4ddc22dd112f; Expires=Sun, 05-Feb-2023 12:17:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:88104acb-27a3-41af-a491-4ddc22dd112f|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893; Expires=Sun, 05-Feb-2023 12:17:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206893|e:174; Expires=Sun, 05-Feb-2023 12:17:35 GMT; Path=/; Secure; SameSite=Lax; Httponly
CookiesAreEnabled=yes; domain=.wellsfargo.com;path=/; secure=true; HttpOnly; SameSite=Lax
INLANG=EN; domain=.wellsfargo.com;path=/; secure=true; Max-Age=31536000; HttpOnly; SameSite=Lax
wfacookie=11202302050417051674532968; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 12:17:05 GMT; secure=true; SameSite=Lax; HttpOnly
wcmcookiehp=77C238FDA667940F2B7A00365B0AE829; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
DCID=kXZ7r5%2fRZt2fFfTglUL6bvjTybtWm1z5drkjXOscqUw%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:05 GMT;Httponly; Secure
_abck=01FFD87600EC0411B55E015DAEE41AA5~-1~YAAQvWpkXwMabsWFAQAA4jGCIQn7Qc69MGLvYcmudh4aLYTz1LvrPEIP55GajCUZfEsLSQgwV+WW4Ynu0XmEHYFaex0EwYLk07yzhTEwpt5hG+VVkgTwDKmHjfUL3OKWqSEEARTDAmNmuBm2D7itRY8E/XWcHB12OjaPi8PKV6I4Qah2pglJono7w7Czxt5fZgYQq2A65ovECpwanwYcj2FOJTdZuw89XnIISKR3Ch68weKVFtrLAcLSXsEmfQ9NeFeiEl80c3YI1BTCx4RlfGLATY4Wj7gkkbioJhIOaPp4fEAmJXLIRwVHuAX3dEp8cpZ3wl4y0UnGiNNLhWZkfOd0ccU0y4vPZIATKnguTbFsRAu5upi2ZalxNv7Cpqfzrg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:06 GMT; Max-Age=31536000; Secure
bm_sz=3CE836A59BDEA4DC4D7A6F31A2E174A2~YAAQvWpkXwQabsWFAQAA4jGCIRImz/L328rPmx7TRnz0I6iWYtthyknNID4cMjVwivv34243aetA6K8KOIVzWdsrAVCPgfRdaWPuCInfGLqVuwDMMPyLkPm0N/6o2fjJ/FkjpyN6jhhBlrE3275nIuimNdN6ZMx2D8RVyQkvwp3alXrj3WGawPU0kM86+Zi06MvR+3NJMymdjOK7n3yztJA+4mCxdAhF51t6VMQE8dmAhgHbMO9z1KJSjqSMv5u+fz4SQh9PVV8yGuSK3znQP9zOmQw/DFvA9iEJ6Qk07kGNGUC5XnXE~4272196~4276787; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:05 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01XDr43:0 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e41_VM-ARN-01cnE31_15569-4831
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11805
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11805
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
200 OK 935 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
File type JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Hash 3d63398bfcd270d3aff50d730b7fbf8e
95b217d19c323845ba9739f9e343ffd4a050dc2a
28be153e42646803b6aa62501fcb5262eea2812237655cec6be8b2a3ff4e7d0c
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Sun, 05 Feb 2023 11:25:45 GMT
age: 3081
last-modified: Sat, 28 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:30:31 GMT
age: 2795
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 30847
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a4eed23b240d04a3cd6b085cfa93375
f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00
93e8371f80c12d3753842e36001dbb8d3dc2223b10a594639752cd816c492d4e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ad60ff0-69ec-4be2-9334-41be71ca4b7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10905
x-amzn-requestid: 093778fc-231c-452f-a6fc-15f4eb41ade0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmNJCEDzIAMFmxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8c239-7f56d6e56392f373541db219;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:24:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WVfpilnwhnRXBhJkHBWjxxoP09f7SqlRk8CdWRWOubIIwe0CX89bUA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:09:58 GMT
age: 50828
etag: "f29b9dc3f6bbd2ba76a5a4570ce044d5f240fd00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 3185
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1f3df5bbad5048923e29c0767d703d3
48c408d37a7bd7f96653174359178eed46ddf298
c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:44:03 GMT
age: 52383
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5beaead015b2b4fb6d36009926ba0378
67e7c49ea7648fc6d1dffc22588862c993b785b7
6ae0cec9ade23fd53e9c1407b0324a8060892a65a6b675ccffa4a4c82b66f1ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0def934-b27d-4612-bab8-84bfb73a9960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 280f7003-2696-4a82-bd50-82b0a2b66faf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsSpoEA0oAMFSBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3170-35dcb9513c891af201b973d1;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 03:43:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IxfTibTq6T_wq9a5YCIBZLBb70BI7AOLEAYMYYuMZPhvVKjDbFfrvA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:52:08 GMT
etag: "67e7c49ea7648fc6d1dffc22588862c993b785b7"
content-type: image/jpeg
age: 51898
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
200 OK 24 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cb2701f69033671b5b2f3fec4c80f572
ab6a87369924fa513fa98e04677c2d332d5e25c1
9913aaf46bebf4d41ba3b37f686ba546b41faa33db9dc720a68bebd924121125
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1305630454_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "635162e2-d177"
last-modified: Tue, 01 Nov 2022 22:03:11 GMT
server: Akamai Image Manager
x-serial: 1920
x-check-cacheable: YES
content-length: 24386
content-type: image/webp
cache-control: private, no-transform, max-age=1331160
expires: Mon, 20 Feb 2023 22:03:06 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
200 OK 24 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 51ee4423bd7473f82847570bb6f10f88
5665cca6ad63f3cf35b07de9f3534c8e94cfe698
79117776265cb8f5638233611d20d12eb5af668b2b7a0228eaa6d15d190e6890
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1345111232_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6350582a-e73f"
last-modified: Tue, 01 Nov 2022 15:13:52 GMT
server: Akamai Image Manager
content-length: 23618
content-type: image/webp
cache-control: private, no-transform, max-age=1158030
expires: Sat, 18 Feb 2023 21:57:36 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg
200 OK 4.8 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x423, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0867726241a09f5c4f8881c0b0a8bfc2
e0822cf1a6d39dbfac1c1d908a3fadf6f113554f
406498a4f546d06603699d7290a4b5c2492b7c8e7c949d16fd8e87f946aedac1
GET /assets/images/contextual/responsive/hpprimary/wfi_ph_active-cash-card_1700x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a7e46d-e1c7"
last-modified: Thu, 14 Jul 2022 02:10:45 GMT
server: Akamai Image Manager
content-length: 4750
content-type: image/webp
cache-control: private, no-transform, max-age=971967
expires: Thu, 16 Feb 2023 18:16:33 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
200 OK 1.0 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2700367e62982f99dbdb7efa2e11328c
7db153f43a4bc9d95eb94e0d07404440b92ec129
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b-wf_icon_house_gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61a93697-f60"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 131
x-check-cacheable: YES
content-length: 1004
content-type: image/webp
cache-control: private, no-transform, max-age=931173
expires: Thu, 16 Feb 2023 06:56:39 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
200 OK 46 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 616x353, components 3\012- data
Hash dcf7437b7a206b67e8a55258ceea28ae
88e53c53f0878df1b91a66feaaa14fd8fae4af48
360a07438b52ee265a76b81e252fa33b85d462168d6998b6e35df8df2899e9d3
GET /assets/images/contextual/responsive/smlpromo/wfi000_ph_g_1200094303_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "63505819-d82f"
last-modified: Thu, 20 Oct 2022 21:37:57 GMT
server: Akamai Image Manager
x-serial: 1019
x-check-cacheable: YES
content-length: 46359
content-type: image/jpeg
cache-control: private, no-transform, max-age=263528
expires: Wed, 08 Feb 2023 13:29:14 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_ui-card_color-gradient_64x64.png
200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_ui-card_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash f34b79c8f01331bb9af372c3996392f8
88d0d0233e00f3f387efd497131bb91bdbfed6b9
b069f9d87f72a379d0b3076384da242c0f20c891964f3d502aee614e5d393085
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_ui-card_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6259d009-b1d"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 1284
x-check-cacheable: YES
content-length: 1064
content-type: image/webp
cache-control: private, no-transform, max-age=1086162
expires: Sat, 18 Feb 2023 01:59:48 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
200 OK 1.6 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9bab6d4f56255c3eb509223b9e20a4e4
9dab7ff41b34eb5a3ac57e0b09e6215b549b7136
e68a77a05fe5ce16c4f6aa3590d99909ddb57e180a0741736debbe26fd98233b
GET /assets/images/contextual/responsive/smlprimary/wfi000_ic_b_graduation-hat_color-gradient_64x64.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "633eedca-e69"
last-modified: Tue, 25 Oct 2022 20:39:05 GMT
server: Akamai Image Manager
content-length: 1570
content-type: image/webp
cache-control: private, no-transform, max-age=721362
expires: Mon, 13 Feb 2023 20:39:48 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_greencarddesign_eng_1600x700.jpg
200 OK 42 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/wfi_ph_hplp_greencarddesign_eng_1600x700.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x502, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 119a7ea5f92c8c808dd5966a61dfae14
541b1f9dda57e965da73ea16c9ffca15f557fc0e
ecda6caaf2e4d61e9cde793eaba31325a139e9c9d712825cef14a7504fe58b4c
GET /assets/images/contextual/responsive/lpromo/wfi_ph_hplp_greencarddesign_eng_1600x700.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6286a22b-18ae6"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 794
x-check-cacheable: YES
content-length: 41940
content-type: image/webp
cache-control: private, no-transform, max-age=883223
expires: Wed, 15 Feb 2023 17:37:29 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-1-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash cd43a2d200f1b8eec84495408eb299f0
2eb173b0af9b49b634e0645a96931f5fdf6e3ab3
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
GET /assets/images/homepage/position-1-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-9f2c"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 858
x-check-cacheable: YES
content-length: 2330
content-type: image/webp
cache-control: private, no-transform, max-age=932618
expires: Thu, 16 Feb 2023 07:20:44 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
200 OK 2.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-2-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2f9e97870725142046712437d067b97f
bf8db685193835edea05ac95e5671b24e0f49467
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
GET /assets/images/homepage/position-2-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-cf3e"
last-modified: Thu, 14 Jul 2022 02:02:39 GMT
server: Akamai Image Manager
content-length: 2340
content-type: image/webp
cache-control: private, no-transform, max-age=849540
expires: Wed, 15 Feb 2023 08:16:06 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
200 OK 2.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/homepage/position-3-bg-gradient.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash bf02d082705f06162b2e73f68602e79e
219dbb45081fa5d8663bad2f96e9066e7f17aa6e
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
GET /assets/images/homepage/position-3-bg-gradient.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "61619278-7b35"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
x-serial: 416
x-check-cacheable: YES
content-length: 2092
content-type: image/webp
cache-control: private, no-transform, max-age=963951
expires: Thu, 16 Feb 2023 16:02:57 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
200 OK 852 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Active-Cash-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 83d5bb1eeca48fd91b76ba78a6033079
795d21b0703fe9606406267cbb1740251f17949c
b5b73fb58b90213e3e94e8bb2f2821ae968e4a14c736940a2a80673c5039919b
GET /assets/images/rwd/Active-Cash-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1d25"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 852
content-type: image/webp
cache-control: private, no-transform, max-age=817725
expires: Tue, 14 Feb 2023 23:25:51 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
200 OK 1.1 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/wf_autograph_card_79x50.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 79x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8fc4a7236687f00978c3d3d9c679fa7d
5d7bcfc23ba4a4b58f22f497b214e7b427916b05
c2f04b9277e2158e498ea44ff61a651461ac7bcf0eed712b78fa8e21ae6eabfb
GET /assets/images/rwd/wf_autograph_card_79x50.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6286a22a-81c"
last-modified: Thu, 14 Jul 2022 19:31:27 GMT
server: Akamai Image Manager
x-serial: 2010
x-check-cacheable: YES
content-length: 1118
content-type: image/webp
cache-control: private, no-transform, max-age=1028103
expires: Fri, 17 Feb 2023 09:52:09 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
200 OK 712 B URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Reflect-Card-79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 856ba11ad61b561850f726f3f9bd8c6b
b50337dec6ee97d505a21bdcaa15f4a0d2bb2571
7867b0f1e4d21ebd684268360f820149578a15141a9128b57a97843c0fcb3b72
GET /assets/images/rwd/Reflect-Card-79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1c20"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 712
content-type: image/webp
cache-control: private, no-transform, max-age=935581
expires: Thu, 16 Feb 2023 08:10:07 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
200 OK 1.3 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/bilt_card_79x50.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 20395535ccb9d64fc541151586d860d7
791003e66d20380a1925d19a9bb3c4cbaf451073
5220e2267bf1d52810fa37112ed26e7d0d6a6f8cfaaa7d36c032b68562030d05
GET /assets/images/rwd/bilt_card_79x50.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6217f519-1be6"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
x-serial: 961
x-check-cacheable: YES
content-length: 1348
content-type: image/webp
cache-control: private, no-transform, max-age=914344
expires: Thu, 16 Feb 2023 02:16:10 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
200 OK 9.7 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/Native_App_Phone_Personal_v8.png
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8b4c65145c9e79c9856c52e2ce603d3b
438a74f7b0422772484641c478e42249dfe67b02
768a1f0d67ab6d887d220ae8500265022bc019d8076b815c8ca7b009556be135
GET /assets/images/rwd/Native_App_Phone_Personal_v8.png HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "6328cc17-9829"
last-modified: Tue, 11 Oct 2022 18:46:18 GMT
server: Akamai Image Manager
content-length: 9652
content-type: image/webp
cache-control: private, no-transform, max-age=1833688
expires: Sun, 26 Feb 2023 17:38:34 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
200 OK 32 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/woman_in_office_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b5816c180aaf51a1142bd41e53a6ed3
f8dfd3ec8e0fb88ecef0a4b07acda06d280741ab
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
GET /assets/images/rwd/woman_in_office_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-d06e"
last-modified: Thu, 14 Jul 2022 02:02:36 GMT
server: Akamai Image Manager
content-length: 31450
content-type: image/webp
cache-control: private, no-transform, max-age=1086282
expires: Sat, 18 Feb 2023 02:01:48 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
200 OK 29 kB URL HTTP/2 www17.wellsfargomedia.com/assets/images/rwd/volunteers_cars_616x353.jpg
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 616x353, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1368994cfb46c8ae169c749459365581
49af26a99885e645354f7b26e123655cdeee159b
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
GET /assets/images/rwd/volunteers_cars_616x353.jpg HTTP/1.1
Host: www17.wellsfargomedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "618017dd-cd21"
last-modified: Thu, 14 Jul 2022 02:02:37 GMT
server: Akamai Image Manager
content-length: 29240
content-type: image/webp
cache-control: private, no-transform, max-age=926667
expires: Thu, 16 Feb 2023 05:41:33 GMT
date: Sun, 05 Feb 2023 12:17:06 GMT
X-Firefox-Spdy: h2
static.wellsfargo.com/tracking/gb/detector-dom.min.js
200 OK 132 kB URL HTTP/1.1 static.wellsfargo.com/tracking/gb/detector-dom.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65434)
Size 132 kB (131829 bytes)
Hash 73ad7a8f8ccda765b898b038f90d8274
756ac35ad2422d93a0b327dfeff7fe9200695883
60ccc38cf175aba7cbe63bf1ec6319b5c1648d9a52014dfefa6ec718476a17b7
GET /tracking/gb/detector-dom.min.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 20:03:51 GMT
Vary: Accept-Encoding
ETag: W/"632cbfa7-6b8d3"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 131829
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=lPAm7wTMLTNf4YsrE+jE2w%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?id=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?id=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=91NMRKidYZtxBIUNpgs4eg%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.digicert.com/
200 OK 471 B IP
Hash 9ba49f1fc7f2f554049e6761ba03e37b
687a48ce650668c484bfda4b50fd202977bb85de
256310e4ec423d30bb346e06ff441daf493641a12ad9e208a2cdf90a0fcbf6f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2319
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:06 GMT
Last-Modified: Sun, 05 Feb 2023 11:38:27 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1675599466383
200 OK 321 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1675599466383
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash d7dcc4558a7fdc782a4a0e2a8b9d8839
18be118dbf2e15c2a113ee7a7c5d26bbab17c6e9
779d8c50823e261e0347ec32fc1e692b6aa80d56c3ae45c3c40e9f95d88911f3
GET /id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_coop_unsafe=1&ts=1675599466383 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-08dd6474c.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=07974279647788597091789500631284827976; Max-Age=15552000; Expires=Fri, 04 Aug 2023 12:17:06 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: mAaOWFwdSvs=
Content-Length: 321
Connection: keep-alive
connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
200 OK 569 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/short/accounts-cache.js
IP
ASN #20940 Akamai International B.V.
Hash 33fbe3a2d69cddef6e4a946096d516c6
5dc02187efd63f59e7747024016774a9ae4046bf
5afe00e1770197f51923e187f09f529db01f0ad8a3f245b2e9b571446e364fe8
GET /accounts/static/7M/accounts/short/accounts-cache.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-497"
Cache-Control: max-age=1800
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 569
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=4wRgnqpb2oWEojIkBxDttLArsL4GuxWiuMfPJpw3VReUUeXf0+vb7n25n6GyA4fS; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=08005163885742793421790353198218984795&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202302050417041581745277%011&ts=1675599466607
200 OK 320 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=08005163885742793421790353198218984795&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202302050417041581745277%011&ts=1675599466607
IP
File type JSON data\012- , ASCII text, with very long lines (382), with no line terminators
Hash 4906adc8fac718bd8a16a590d017c6da
967712161c4fd4b7b42c12e26462533e3fe8631d
7ebcb1848760c7bc164f3e08be0dcfb3bc8bdb2449f56648449f990c7535e834
GET /id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1BAA15F354F731E60A4C98A4%40AdobeOrg&d_nsid=1&d_mid=08005163885742793421790353198218984795&d_coop_unsafe=1&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=wfacookieidsync%0111202302050417041581745277%011&ts=1675599466607 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=59999486955406809060599109799132397900; Max-Age=15552000; Expires=Fri, 04 Aug 2023 12:17:06 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: tDysSSmURA0=
Content-Length: 320
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash 83712ff1b330fc8aee58e72feb68a1d5
d31392c6247cbdad51a6fd71539654acbac2119a
2f2881ce7eb01a738787665d049784ade1b0ad0c3b83f311d9809ad852061288
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:06 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 01:42:56 GMT
Expires: Sun, 12 Feb 2023 01:42:55 GMT
Etag: "d31392c6247cbdad51a6fd71539654acbac2119a"
Cache-Control: max-age=566148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794b94be9dbe0b51-OSL
api.rlcdn.com/api/identity/idl?pid=1317
451 Unavailable For Legal Reasons 0 B URL HTTP/2 api.rlcdn.com/api/identity/idl?pid=1317
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/identity/idl?pid=1317 HTTP/1.1
Host: api.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Sun, 05 Feb 2023 12:17:06 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
200 OK 23 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1f394d5e622516de8455a0adad3ec3a4
6ea419e3813723cbe7bb8e2b1a55007c27de2cf5
f5e90651778c28c44a8527a67cf1e6ca98e3f444079e453f4005558e66437e2c
GET /accounts/static/7M/accounts/public/stylesheets/main.2f6490b248e0bc46f824.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 23136
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-5a60"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=GOqdFfgN84VunmTj3SGh1w%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1524d2feddb5b31daa9fe7c4fcb562b1
45717724083119d92a3e2e5e7b65724ae0333b84
ddb56ac96f135f1dc6eede90348813730b1a2744bdd3e5f20443dbc6010820a0
GET /accounts/static/7M/accounts/public/stylesheets/wfui.dfcfda3cf6ac55a7ceb9.chunk.css HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 37102
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-90ee"
Content-Encoding: gzip
Access-Control-Allow-Origin: https://www.wellsfargo.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=G4%2fJxVnJIq6tsL%2fikvR3BA%3d%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32088), with CRLF line terminators
Hash 3aebe41731e9656c48b87e8e8b2d1177
43369d1732f4ad8a5e7a1e9a3e133d96945afe02
6cf0cd136cefa8b4cce2da6ead22c33b83af4af3e87d7e4e9589b60f6ce4e395
GET /assets/js/wfui/appdynamics/adrum-ext.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 09 Mar 2021 18:36:55 GMT
Vary: Accept-Encoding
ETag: W/"6047c047-b11c"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 14304
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=du4b8TdK8g5rpuU9Ix8csw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=UA-107148943-1
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=UA-107148943-1 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=nZ7FFiZW3xSMKy+ibgxkPw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=AW-984436569
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=AW-984436569 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=LGEa5AmN44AZ1G5P9WqqSA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
200 OK 3.6 kB URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7300), with no line terminators
Hash 529a7c0a23255dcba4b28d93223b1baa
d42dccc998c4ef14ccd29ac23dad922646aff36f
efe09028974baf21caabbc06eceea0e8b01d1efd9102f7985743241f6cc8abb2
GET /accounts/static/7M/accounts/public/js/runtime.85f8fe51d92e1666882c.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: W/"6387ebc6-1c84"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Content-Encoding: gzip
Content-Length: 3646
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=fyuRBw7n1lsGQeKw%2fHpsDYViEqlvkhQvJbjjQrnvXQXLKtREFshTJul0KQgMLi+v; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1675599466392
200 OK 322 B URL HTTP/1.1 wellsfargobankna.demdex.net/event?d_dil_ver=9.5&_ts=1675599466392
IP
File type JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Hash 63059fcfc525b4986044b1cbee021845
18e87e72bb298d05697ea81efa945467e935fa56
829c2d057fc4b48745988a127b21523aff60020edb0d7a0c3b128232a719a90d
POST /event?d_dil_ver=9.5&_ts=1675599466392 HTTP/1.1
Host: wellsfargobankna.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 430
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-040129606.edge-irl1.demdex.com 5 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=07974279647788597091789500631284827976; Max-Age=15552000; Expires=Fri, 04 Aug 2023 12:17:06 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: QdV4jBeRTjs=
Content-Length: 322
Connection: keep-alive
static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
200 OK 45 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/gtag.js?t=DC-2549153
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65507), with CRLF line terminators
Hash 02c5944802e321a49c191c43a905bfb7
77b4ac5db5c8717754fd2976f88ba2027e458ff4
e987815600381f14afd300d17c4f73646afe42233097d411b75d33ffbc7989c4
GET /tracking/ga/gtag.js?t=DC-2549153 HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 06 Dec 2022 21:04:34 GMT
Vary: Accept-Encoding
ETag: W/"638fae62-1ca3a"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 45055
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=Fu%2fWcSgBd5WaoceiMdMELw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
200 OK 179 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash c4b3757568a3af49d34f2bb4cd62e6d7
ffe87295dfb2e9137f92a2ce7117b87517fc3301
894a032d2ee8c9ff3d8719e3fbcd01c6db0f70f703f1c3bdf08a6a2989488147
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dc/sed-wellsfargo-9de6abb8?key=AIzaSyDsCAtzgd6ckzbiXwzmWMJoC0UPQEu9QhA HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Content-Type: multipart/form-data; boundary=---------------------------21439931501596019407480848232
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 169
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:1$_ss:1$_st:1675601265579$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 179
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
x-envoy-decorator-operation: ingress DeviceCategoryPost4
X-Akamai-Transformed: 9 175 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=+OytrThKb9PutKx%2fGFkr8irRaRU2nfrAMdIwL8ataoatsKaKFaSVyd%2fb0MiFE7nG; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
_abck=32724C287E3D40E1DCE2C950F4E7639B~-1~YAAQvWpkXxIabsWFAQAAejSCIQnoQJNqx8L/7DoVJMz7W0z80L/K3/z58iloz5BXCJwhui4nLfMA30vFT/bUH6xagXy3I5F9UjZKklRu6JH1k0F85es4GzFc1eyHdnuSS6SU0BniRbejeqYYumlDXzZvtDYmAnsOgYbz8ezBxT5/rtyvr7My27IGwu0ncYRwVVaWMyvvvRbSZet1r2kbOx/y/Q0qaPtMA8Xx0etFXs9K3Sx9t3z2a55+UHiDa2EFvnh/trHoOoABHewFWb885RnAXQ2SaRz1FrtbQLWwR0CHQVkNFJ1SGFXllt1N7cXmGyRqa4srlSGEWwItWqcACa9wYNcc2s/XC0N9N2tcQdajQ2GOsDdBVbGN/0N/QnyXYQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:06 GMT; Max-Age=31536000; Secure
bm_sz=5201DBDA61BF774AB867D46E28F235D9~YAAQvWpkXxMabsWFAQAAejSCIRLZ9CdLnD17VdGRlH8RJbNbJ3zG3Q6NurQtaPMbWJNtj9IwnMm1IJVx+sMsKMYjDvuZDSQUihbgkA2TQL3qomZGyQBTu8oD8fraldks/oLY4pcAL0kfXlv19jSdAVSGQZYPEJOf4Acqs8UvBfavu8gJzvRbegZq3d1FHalkNSwkbeyGru9C8Dc1Tfd/QBy9dWimelJTqk2wpXzSlpO40KCAdIu/yhdi8UZTWHa8zPNpCHlktlxMSKh+zEFC/YwKAwcINtIDWxYmRDt0tv1g8pG1CuaC~3682626~3556405; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:06 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e42_VM-ARN-01cnE31_15569-4862
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc%3A0&_cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e&pv=2&f_cls_s=true
200 OK 76 B URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc%3A0&_cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e&pv=2&f_cls_s=true
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 581ef4db31cf8b05312ce42ffd607dbe
8f2035e6b0bcbf73ef45148ce9a1f5640b1ba94b
fec2300e9991479c566a638d5ca465643b0a061605dfc7870ebc9e01c1663e93
GET /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc%3A0&_cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e&pv=2&f_cls_s=true HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 76
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Set-Cookie: _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; Secure; SameSite=None;HttpOnly;Secure
_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!EOMCfTI29Qut6+B54TfMmyz5FQ342VKH0U/zGGQILhVmX9E3kaCOYGZnJajkiXvf5juGVtN6nLUBoVs=; path=/; Httponly; Secure
DCID=XM%2fUysMgUSl7Un+8JhgtNkGTECeeW3%2fkNz4%2fVoEk+e8%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/tracking/ga/ga_conversion_async.js
200 OK 14 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga_conversion_async.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (35846)
Hash 42c817a7b5f9583b2bc70f742dc950c9
ff75711716f8605860abe551b0235f7194e4348e
881b430ac699f32b3b5234582494d1f4fc0d22be1e6ac797847d66bc5ebc250f
GET /tracking/ga/ga_conversion_async.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-8c31"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 13593
Date: Sun, 05 Feb 2023 12:17:06 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=PCt00YMJt4G3+z7Ol0yrfA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.wellsfargo.com/tracking/ga/ga.js
200 OK 20 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ga.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (49163)
Hash d76c07f3794667edfb1c8ac0df3aac66
23e1915175dad06223c692b49c7b3c2aad1a5820
e0a246ff71144016a26e53493b8275a3a02b9386c690a169801840072851136b
GET /tracking/ga/ga.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-c025"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 19477
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=BKwKzB4Vr0pztHBxEnDqAQ%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F?
200 OK 310 B URL HTTP/2 2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (547), with no line terminators
Hash 299173b2e8c0435b627839d0ead4b85a
bef852fc130a624411ae28de584539cc32d96cfd
beaafe46745737ca91c9df60d159a4d256212db57272406711f5b25e7641389f
GET /activityi;src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F? HTTP/1.1
Host: 2549153.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 310
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2023 12:32:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
200 OK 607 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/atadun.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash 00c66df208db2e1ba86a1bf44853001c
703b030e21167b9bbb52ae54bca96921a886c2dc
ab1989dd07ba1ed256db9131647ea9cb1b3735fac736fd27fb73b4b44c6e45b9
GET /auth/static/prefs/atadun.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 24 Jan 2023 19:34:26 GMT
Vary: Accept-Encoding
ETag: W/"63d032c2-4a0"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Content-Encoding: gzip
Content-Length: 607
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=raz9eZzq8VUcA%2f+8870DcRGNUMvywFm%2f+SDRO%2f53nO0%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 185b62fe607d5d833cc1717b68f3f7b7
ab6b571fdfcd1d1cdb923c48f53df4ecd74d85c2
656d98d306ebfcdea0dff590c34a6ce1496faa95ba05fb86f72a5e57e295f61b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 923a28f79514319b2f16e8f52fee3370
14b089fc7e2412fe7a6823f5b4d8bea8669bf755
bb7294772c5d35f2470c02e3236756cde7ad1ddeea465333d906a87da7ee2594
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5048
Cache-Control: max-age=106305
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Etag: "63de86cc-1d7"
Expires: Mon, 06 Feb 2023 17:48:52 GMT
Last-Modified: Sat, 04 Feb 2023 16:24:44 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 471 B IP
Hash 923a28f79514319b2f16e8f52fee3370
14b089fc7e2412fe7a6823f5b4d8bea8669bf755
bb7294772c5d35f2470c02e3236756cde7ad1ddeea465333d906a87da7ee2594
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6073
Cache-Control: max-age=107330
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Etag: "63de86cc-1d7"
Expires: Mon, 06 Feb 2023 18:05:57 GMT
Last-Modified: Sat, 04 Feb 2023 16:24:44 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
connect.secure.wellsfargo.com/AIDO/glu.js
200 OK 37 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/glu.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2a56d45a7d0dc82cefdd326640745ec2
da00a076c096503a727240bb0f4769dece94d138
b4b5acfc036de83504fb6c02cde371636fbb02e823dbca451df5da6d79b26470
GET /AIDO/glu.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 37105
Vary: Origin, Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, OPTIONS
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=GEEaRCS85IZrACBRhZMlb8ZT0SV6CozPoOBVCwvQQK4%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
static.wellsfargo.com/tracking/ga/ec.js
200 OK 1.3 kB URL HTTP/1.1 static.wellsfargo.com/tracking/ga/ec.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2771)
Hash 8a1d22ba0de1104dcdc02a582b407ed2
e4d90fd13a73c7379c46b197ded523a5d33c69b9
4a44a1a7efd65360f31e0b1842ad06b7fedc7c0373c69c0077c696cd49cc35de
GET /tracking/ga/ec.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Thu, 09 Sep 2021 17:30:40 GMT
Vary: Accept-Encoding
ETag: W/"613a44c0-aed"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=1800
Content-Encoding: gzip
Content-Length: 1313
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=OIYHcv1wgYyHKRF2SxryUw%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
200 OK 16 kB URL HTTP/1.1 static.wellsfargo.com/assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (599)
Hash 18a9dcc7cee831010cf1647c8e39088a
731f39c30835414c6e165dd4687bf4071fe0eb10
1dc439a17ef08f995584c4869ccc397120b2502b57ba40240887df28e347be9b
GET /assets/js/wfui/appdynamics/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: static.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 03 Mar 2021 23:46:24 GMT
Vary: Accept-Encoding
ETag: W/"60401fd0-bbed"
Cache-Control: max-age=31536000
Access-Control-Allow-Methods: POST
Allow: GET, POST, OPTIONS
Content-Encoding: gzip
Content-Length: 15970
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=LTQiog0GkZV5JKwy7r3zqA%3d%3d; Domain=static.wellsfargo.com; Path=/; Expires=Thu, 01 Jan 1970 00:30:00 GMT;Httponly; Secure
ocsp.sectigo.com/
200 OK 471 B IP
Hash 83712ff1b330fc8aee58e72feb68a1d5
d31392c6247cbdad51a6fd71539654acbac2119a
2f2881ce7eb01a738787665d049784ade1b0ad0c3b83f311d9809ad852061288
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 01:42:56 GMT
Expires: Sun, 12 Feb 2023 01:42:55 GMT
Etag: "d31392c6247cbdad51a6fd71539654acbac2119a"
Cache-Control: max-age=566148,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794b94bffecb0b51-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=434835420&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=58514563&gjid=2128566104&cid=1196215429.1675599467&tid=UA-107148943-1&_gid=1205926927.1675599467&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202302050417041581745277&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1196215429.1675599467&z=318995217
200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=434835420&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=58514563&gjid=2128566104&cid=1196215429.1675599467&tid=UA-107148943-1&_gid=1205926927.1675599467&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202302050417041581745277&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1196215429.1675599467&z=318995217
IP
File type ASCII text, with no line terminators
Hash cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
POST /j/collect?v=1&_v=j92&aip=1&a=434835420&t=pageview&_s=1&dl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&ul=en-us&de=UTF-8&dt=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=4GBACUALBAAAAC~&jid=58514563&gjid=2128566104&cid=1196215429.1675599467&tid=UA-107148943-1&_gid=1205926927.1675599467&_r=1&cd1=WWW&cd4=n&cd7=DESKTOP&cd8=PRODUCTION&cd9=11202302050417041581745277&cd12=BROWSER&cd22=hp&cd23=4.49.0>m=2ou8g0&cd35=1196215429.1675599467&z=318995217 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
date: Sun, 05 Feb 2023 12:17:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 153d0de36959c722c00df71ba86daca2
305f56a3134879ebf0828e169e903e560540c070
0cf533a798d42d1e97fb6619a411afadf9a68c92302ba852869b0c0555a47987
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0&_cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e&pid=b776eca3-d462-4fc2-a184-185b6cfdd013&sn=1&cfg&pv=2&aid=
200 OK 1.1 kB URL HTTP/1.1 rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0&_cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e&pid=b776eca3-d462-4fc2-a184-185b6cfdd013&sn=1&cfg&pv=2&aid=
IP
ASN #20940 Akamai International B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4922), with no line terminators
Hash 4cdea2f7cfb54cd1e609c2fdfcecfd3a
a440ecdd4433c09dc7adfbac5e23d36f728d1626
759f9114baddfd4bf89ba879319b607746038bba45aeb5652763d79d03538780
POST /glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/cls_report?clsjsv=6.6.52B103&_cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0&_cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e&pid=b776eca3-d462-4fc2-a184-185b6cfdd013&sn=1&cfg&pv=2&aid= HTTP/1.1
Host: rubicon.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 2839
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
Content-Length: 1075
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: origin, Accept-Encoding
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: _cls_cfgver=de760e43; Secure; SameSite=None;HttpOnly;Secure
ROUTEID=.cligate1; path=/;HttpOnly;Secure
ISD_GB_COOKIE=!L4yhH44CsjuOqgl54TfMmyz5FQ342SRMI8/uR98laYVoq+QU7qGgvao7eHxHOQTg1imcTq6PeIa42ac=; path=/; Httponly; Secure
DCID=ah9wPjJUGhOdU3t5c2MVqvxvPoHYHAaYn5VIAKKrJF8%3d; Domain=rubicon.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&gjid=2128566104&_gid=1205926927.1675599467&_u=4GBACUAKBAAAAC~&z=1025199348
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&gjid=2128566104&_gid=1205926927.1675599467&_u=4GBACUAKBAAAAC~&z=1025199348
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&gjid=2128566104&_gid=1205926927.1675599467&_u=4GBACUAKBAAAAC~&z=1025199348 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 05 Feb 2023 12:17:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F
200 OK 310 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (546), with no line terminators
Hash 5ccb61c37a285f3c908b474f7c97fb6d
df16d8e29bb6c760753b7ec602d42b3c7b6eb348
4052c4b5c6f1620be9a0bcf0312833f0685e4b6d8db15da1054c8f0b47d1b700
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2549153.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467412&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467412&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467412&event=PageLoad&eventType=PageLoad&eventDescription=PageOnLoad&device_type=DESKTOP HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=HrW2afku7%2f2twLxiiu9d3JDIm7P4cbKB7KM9S0n+9NaYhMLXm02ndam4mHPej0Kv; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15569-4878
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467467&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467467&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467467&event=DisplayFatNav&eventType=Presented&eventDescription=DisplayFatNav&clist=tcm%3A84-226512-16%7Etcm%3A91-226306-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=ZiAfjyMaS%2f9xGeWwG7G5beimGnJL6i16a14o1x9pNwR26F2TFllJUgImQzJjsZET; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15569-4880
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467461&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467461&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467461&event=DisplayMasthead&eventType=Presented&eventDescription=DisplayMasthead&clist=tcm%3A84-224274-16%7Etcm%3A91-223647-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=up0K9E+5LYsd5rRMhlMqpjE%2fz3NzfjECSBR0CKbaJYExmRT+QximJn7Hpx7Hs5IW; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15556-39438
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467480&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467480&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467480&offerType=iaRendered&slotId=WF_CON_HP_PRIMARY_BNR&offerId=C_ccd_tk1activecashtestarspv_hpprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=trMNH7ISIiAWgFCvUwLihn7GSi6rIQAy4lUxEZL+Pur4G1b8R6fbBb40FjhZ8TOz; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15447-14570
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467477&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467477&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467477&event=DisplayMarquee&eventType=Presented&eventDescription=DisplayMarquee&clist=tcm%3A402-227175-16%7Etcm%3A91-223657-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=qXzexoUjwxuxnF5tP7ncahM6cO9fIhQ+3jM7FtzB0cZDDhOAsAJeNu88g7Wk5Obd; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15447-14569
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467472&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467472&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467472&event=DisplaySignOn&eventType=Presented&eventDescription=DisplaySignOn&clist=tcm%3A84-224415%7Etcm%3A83-2046-8 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=AifsYDIiU5LuRxSu9DEv70tkcKPHyJF7KP3qy6UrhEU0ibQOmJcTcFjH8TS4KH9t; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15467-19755
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F
200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=2549153;type=allv40;cat=all_a00;ord=1509777368074;gtm=2od8g0;auiddc=1962664069.1675599467;u1=11202302050417041581745277;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:07 GMT
expires: Sun, 05 Feb 2023 12:17:07 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBQaGxIanBSV3ZEb0NUYTN2aTFFdXNnTC9GT0pZRUw1SXhsL3VBNW5HWTd0WUxrYllDT0ltdWJrZkNRamU2cHVnUldKV1MwaVZrRXFEMi93YXBUajhsSUg1NEsxc1NVdFcvM2JDQzc0L3ZNb2NtN1dSNDlMbEtUNkFBeVFydGI5TkFWaGZGNUxScms2eUNOd2dJYjV4dUpveTNaNnFCRGhtYy9HanVZV1BFU1hCM3UzMmZsenZJejJuL1FCaExQdWxhWlpzcThYNnlhSDE3ZDhTaElWaTU4eWNyb1pxTHJmY0xpV3YyVkczbVY5SHR6VjN6amJsYmplcUp2MXNWRFlpc1ZRYk1MbHZqeXZuRzVUSEFZNGVlQ2hDZjBxZU00c01DVDZoZEFnPXxkZjJkMjlmZGU0MGJmZDcxMGI4NjhjNWVlNWNlZTUxOTc3NzhlNWFmMzY5OGRmODQxNzE1NDk5YTRmYWRjMGVmNjBiODk4NWU5MmVhZjE2YTQxMDlkNzlmZmIyMjgwZDg1MjVmOWNlZGIzNzk0ZmZiZmY2OTBjNWIyZTczMjEzYzRlMjJlNmU2NzBkM2NjZDE2NWM4Y2I4MjliNDUyZDA4ODRiYmE5M2JlZTJlNzRjYmJlZWRiNGI4MGI2Y2Y1OWI1OGY1MGFjNTc0YWY5YjJiOTg2MmViMjFlOWY1NjQ0NWFiODUyYjkyYTIxOTJhNDk1YjQ0YjQ0ODhmZDRiZWU4NGI1ZTliYzU0MTU1NTc0ZGM0ZDM0YmNiYzYxMTA2MzRjMDU4NTFkNzc3NzFiMWViMmFjZTNmYjVmYjRhNTRlMTljZjUyNDlhNDgxY2RmMTdkMDc3NzUxMTg2OGU1ODhmYWFhYTI2ODRmYjJkOWE0NGUxYjkyNmMzZTQ3OGZlYTA0ODFiZmRmOWQ5ZjhkM2UyMTYwYzZiY2MzNjgzMjVjOTA2ZmY5MDFlODFmYjNhNGYyMDM5OGZiN2MxNjcwYjgzZDFkMDI0YTNkZTQzNDQ2MGE3YmNkNzc5NzExYjIzYWRkYjQzOWU5MWRlMmE0MWQzMzUwMWQxMDVkMDE4NDQ3MHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com&t=jsonp&c=bozbxqsaiyaahcgn&eu=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F
200 OK 90 B URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/vyHb?d=ZW5jZEBQaGxIanBSV3ZEb0NUYTN2aTFFdXNnTC9GT0pZRUw1SXhsL3VBNW5HWTd0WUxrYllDT0ltdWJrZkNRamU2cHVnUldKV1MwaVZrRXFEMi93YXBUajhsSUg1NEsxc1NVdFcvM2JDQzc0L3ZNb2NtN1dSNDlMbEtUNkFBeVFydGI5TkFWaGZGNUxScms2eUNOd2dJYjV4dUpveTNaNnFCRGhtYy9HanVZV1BFU1hCM3UzMmZsenZJejJuL1FCaExQdWxhWlpzcThYNnlhSDE3ZDhTaElWaTU4eWNyb1pxTHJmY0xpV3YyVkczbVY5SHR6VjN6amJsYmplcUp2MXNWRFlpc1ZRYk1MbHZqeXZuRzVUSEFZNGVlQ2hDZjBxZU00c01DVDZoZEFnPXxkZjJkMjlmZGU0MGJmZDcxMGI4NjhjNWVlNWNlZTUxOTc3NzhlNWFmMzY5OGRmODQxNzE1NDk5YTRmYWRjMGVmNjBiODk4NWU5MmVhZjE2YTQxMDlkNzlmZmIyMjgwZDg1MjVmOWNlZGIzNzk0ZmZiZmY2OTBjNWIyZTczMjEzYzRlMjJlNmU2NzBkM2NjZDE2NWM4Y2I4MjliNDUyZDA4ODRiYmE5M2JlZTJlNzRjYmJlZWRiNGI4MGI2Y2Y1OWI1OGY1MGFjNTc0YWY5YjJiOTg2MmViMjFlOWY1NjQ0NWFiODUyYjkyYTIxOTJhNDk1YjQ0YjQ0ODhmZDRiZWU4NGI1ZTliYzU0MTU1NTc0ZGM0ZDM0YmNiYzYxMTA2MzRjMDU4NTFkNzc3NzFiMWViMmFjZTNmYjVmYjRhNTRlMTljZjUyNDlhNDgxY2RmMTdkMDc3NzUxMTg2OGU1ODhmYWFhYTI2ODRmYjJkOWE0NGUxYjkyNmMzZTQ3OGZlYTA0ODFiZmRmOWQ5ZjhkM2UyMTYwYzZiY2MzNjgzMjVjOTA2ZmY5MDFlODFmYjNhNGYyMDM5OGZiN2MxNjcwYjgzZDFkMDI0YTNkZTQzNDQ2MGE3YmNkNzc5NzExYjIzYWRkYjQzOWU5MWRlMmE0MWQzMzUwMWQxMDVkMDE4NDQ3MHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com&t=jsonp&c=bozbxqsaiyaahcgn&eu=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with no line terminators
Hash dae1bfe32d93322d36152d4567e93d66
fd0f5797b2d0d6be05c42595a5ce7a89ab4e4534
90f2ed0d85580c329f309d88d72b8209a0fa8d8f5d6368e21b19b123cc85ad2a
GET /AIDO/vyHb?d=ZW5jZEBQaGxIanBSV3ZEb0NUYTN2aTFFdXNnTC9GT0pZRUw1SXhsL3VBNW5HWTd0WUxrYllDT0ltdWJrZkNRamU2cHVnUldKV1MwaVZrRXFEMi93YXBUajhsSUg1NEsxc1NVdFcvM2JDQzc0L3ZNb2NtN1dSNDlMbEtUNkFBeVFydGI5TkFWaGZGNUxScms2eUNOd2dJYjV4dUpveTNaNnFCRGhtYy9HanVZV1BFU1hCM3UzMmZsenZJejJuL1FCaExQdWxhWlpzcThYNnlhSDE3ZDhTaElWaTU4eWNyb1pxTHJmY0xpV3YyVkczbVY5SHR6VjN6amJsYmplcUp2MXNWRFlpc1ZRYk1MbHZqeXZuRzVUSEFZNGVlQ2hDZjBxZU00c01DVDZoZEFnPXxkZjJkMjlmZGU0MGJmZDcxMGI4NjhjNWVlNWNlZTUxOTc3NzhlNWFmMzY5OGRmODQxNzE1NDk5YTRmYWRjMGVmNjBiODk4NWU5MmVhZjE2YTQxMDlkNzlmZmIyMjgwZDg1MjVmOWNlZGIzNzk0ZmZiZmY2OTBjNWIyZTczMjEzYzRlMjJlNmU2NzBkM2NjZDE2NWM4Y2I4MjliNDUyZDA4ODRiYmE5M2JlZTJlNzRjYmJlZWRiNGI4MGI2Y2Y1OWI1OGY1MGFjNTc0YWY5YjJiOTg2MmViMjFlOWY1NjQ0NWFiODUyYjkyYTIxOTJhNDk1YjQ0YjQ0ODhmZDRiZWU4NGI1ZTliYzU0MTU1NTc0ZGM0ZDM0YmNiYzYxMTA2MzRjMDU4NTFkNzc3NzFiMWViMmFjZTNmYjVmYjRhNTRlMTljZjUyNDlhNDgxY2RmMTdkMDc3NzUxMTg2OGU1ODhmYWFhYTI2ODRmYjJkOWE0NGUxYjkyNmMzZTQ3OGZlYTA0ODFiZmRmOWQ5ZjhkM2UyMTYwYzZiY2MzNjgzMjVjOTA2ZmY5MDFlODFmYjNhNGYyMDM5OGZiN2MxNjcwYjgzZDFkMDI0YTNkZTQzNDQ2MGE3YmNkNzc5NzExYjIzYWRkYjQzOWU5MWRlMmE0MWQzMzUwMWQxMDVkMDE4NDQ3MHwwMGVlMGI2MmVjYWFjODlm&cid=15%2C16&si=2&e=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com&t=jsonp&c=bozbxqsaiyaahcgn&eu=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 90
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=6hG+Hn459wTo33gzUfwlQgEDbWuc8GbPR7L1hXLaf8Q%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
_abck=FF5F5FBFF2BF1CEED2FBD49611250670~-1~YAAQHk8kF8dUGM+FAQAAYjiCIQlzk4yPAMlF7vPbOH+t2PHZ9lU3Q1rEcvDggRGhxCGtFab9e4iKnJf2li5h+v48IEaaljdZBEIhqFtopiJbuVXR3SQMaD/kmeQqxYx7X7uan30oQKn5zfSkiUGsdyLjKd4nmcruyVLPrS1dxFRIr8jcwPiU1tayZHK1sTKK1QIWsjYuSBKTll5rG0PBOo10s5gr0C57e69VLM/ja+tvs+kD2e3gVFQ/+yBOBDJKPNLX0XU8U7YxwbuTeML+xEqQKlXGb35Jhr3fJOMddugufwV05gXNxIym5L1Sh0/cZqNZdXy+byQe8aSW/NceLoxJCrGKCNoQthnfpe1SbmhSuwD37eLQ2IybvtUYOkGfRw==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:07 GMT; Max-Age=31536000; Secure
bm_sz=9AB04200D4F61D036566A06BAEFE11BD~YAAQHk8kF8hUGM+FAQAAYjiCIRKuYrqPcaiRiB8ddczVS/41Dcp8WsIxn1GnPA7b8dS5KhDscw637M+SZgDihSh+StAKPF7/2b+/2pZGakd6LpwyzqxSSzUphHaHNBhvURLyOtgkYX4hAFn9Qt5qKT3ceMvV3VhUz8coFnGJZ3ZLOKEWau4KfIczXw91U4gfL/itcUIezmt5bl6KqMMjpNGzR4FaQhsz3j/VZyiu09JogvtVwWg6gx8f97ruKAR6ZuYXtIjgGapibA7zn3q3GnM7df+/420796/16KgA3RxT/I+C9OJe~4342338~3684409; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:07 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467486&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467486&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467486&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=HXrEJd1SAp34H3KE5YnNphaoIhHkukbKU2vabgssTiJ78iznmR47l2jpyoFU8vwy; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15569-4882
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467494&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467494&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467494&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=MtvdViouEsyGlWpG977ESR2ISwjKZxtw5FOEcO2kIf5xaZ6Mlx3NNATvjSlpafM9; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15556-39442
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467490&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=1
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467490&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=1
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467490&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_mtg_prequalificationbrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242226-16%7Etcm%3A91-228643-32&promoSlot=1 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=K7xhTYo%2fGjcN6kgU%2f4JqjTQXSC79lDUYBxEJO+LkDszyKY+aTM0Iw1sdV0asEMjB; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15569-4884
connect.secure.wellsfargo.com/jenny/nd
200 OK 18 kB URL HTTP/1.1 connect.secure.wellsfargo.com/jenny/nd
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2293)
Hash 7792f98c2bb4615df41d95cde337436e
1d415497e770dc98e796d6ae4f20d40d4c6fb12d
2cea31b46897caf9a5065398eb8b84b8e620a027df5bc3dbe8e93fec5c547768
GET /jenny/nd HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Vary: accept-encoding
Content-Encoding: gzip
Content-Type: application/javascript;charset=ISO-8859-1
Content-Length: 18035
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ADRUM_BTa=R:55|g:79a87ccf-0125-424a-ade2-ac7c67b2ff06; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure
ADRUM_BTa=R:55|g:79a87ccf-0125-424a-ade2-ac7c67b2ff06|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure
ADRUM_BT1=R:55|i:302812|e:3; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure
ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=hagV25ixUA9fS4heK3TuHpu7KM5E2NgOsW1FtdwiCMw%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
_abck=0A2804E502A110F84E9E6A8ADF1BA279~-1~YAAQHk8kF8lUGM+FAQAAuziCIQnyDopexxDe0GZSKEaFdc+RkyvMwIu/HY4nt2VA5X5tbeTQrGpRfo1uI6AFwx3itX8fAP5JdNuuVFqSCOk403mi8m+e20MswXnNFkMM3Zv1Cerc9r6m+bj3L6eIKUAS4INPH50Wr/9AkqiiRhD2RDZ/ZmQl7V5VNefCX17o2AAwj/xMD79XO4q15iEWu7Q+myvS4Qv5XcKnyB+WTz6Ol+NY2/q2/+n6mOHQFw5IRtDP4yUcN6MjH9b8sQVDe6wXdweVPOghPq4ZlZ9boBweUwTxAtZKcF3GxD+tGcc17U/MgBOCYOAlf2yyUYnGqMOtRfRIrMi7g7N6N92r166vcgHR8/WJaBx5lyWmqIDo2w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:07 GMT; Max-Age=31536000; Secure
bm_sz=9CB830D25B54CA58B880DD2C2E80B44C~YAAQHk8kF8pUGM+FAQAAuziCIRLfmRbkTYUdUaiOOGb9NcBMTVj5kF87/Coz+LEEQZoaRIffmi3d/pDoxW4bl2WOXBOPYfzzD+afvYxy4jclc8wA1lQNdl7harTpj5m2lSJvFF1Y1msWICNT1tyCuOgY5mTSWG5lDmQofzGFzK8N+HBs9kFA1VpJVUFZ2WGWPtyrj1fdYNB9x8+qN89kQ5uleFr2izObIJZcXJNkvWkvUmwuEITAg1PAZTfufHaMSysQyjr5cFEmGjFlfcBXyCBrwMcB9FzSXebP0mWgokT9M1eMNVLN~4342338~3684409; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:07 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467505&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242185-16%7Etcm%3A91-228643-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467505&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242185-16%7Etcm%3A91-228643-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467505&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A402-242185-16%7Etcm%3A91-228643-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9oQD4PYfYOQ1ik5Wm0jYvGYPgoyVzVAoWLFRW4VmbR1znGPWuwaxr8WAhDTY+Vvq; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15447-14577
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467500&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=2
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467500&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=2
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467500&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_oth_collegestepsrspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-254087-16%7Etcm%3A91-228643-32&promoSlot=2 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=bebohbQBZMuCiYJHq1LGsRFqxYB8yXzzXlQEracOXKFtOa9VHj+wDKan490NcHy2; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15447-14576
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467510&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_carddesignstudiorspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242185-16%7Etcm%3A91-228643-32&promoSlot=3
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467510&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_carddesignstudiorspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242185-16%7Etcm%3A91-228643-32&promoSlot=3
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467510&offerType=iaRendered&slotId=WF_CON_HP_SML_PRIMARY&offerId=C_ent_carddesignstudiorspv_smlprimary&jsLogging=iaCallLog&device_type=DESKTOP&clist=tcm%3A402-242185-16%7Etcm%3A91-228643-32&promoSlot=3 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=9dMneXdTd+SvZYBK%2fzmcLfExh1UUQ6vHyLemenAF55HN8riRwUFnvYxJYIVvX4Vi; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15467-19766
connect.secure.wellsfargo.com/PIDO/pic.js?r=0.37380696497833255
200 OK 51 kB URL HTTP/1.1 connect.secure.wellsfargo.com/PIDO/pic.js?r=0.37380696497833255
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash fc0b8756206e5379ccc4890d92036958
18a9ddf71f373d5e799e35205ba49c6fc36f5ca2
190e78b1c17c22f6f755ac6811584a30fb5124a543120c3ca3172a1c2c70ae29
GET /PIDO/pic.js?r=0.37380696497833255 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 51155
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=GWjWylfN24KRxa2ltzwd2iSXcoWvR3p%2fp1hRYiChuBs%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467513&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
200 OK 43 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467513&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32
IP
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
GET /assets/images/global/s.gif?log=1&pid=702-224111-64&pageUrl=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&cb=1675599467513&event=DisplayMarketingSmallPromo&eventType=Presented&eventDescription=DisplayMarketingSmallPromo&clist=tcm%3A182-228910-16%7Etcm%3A91-223671-32 HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Fri, 24 May 2013 20:08:06 GMT
ETag: "519fc8a6-2b"
Expires: Sat, 04 Feb 2023 12:17:07 GMT
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Security-Policy: frame-ancestors 'self' *.wellsfargo.com
Set-Cookie: DCID=OoXrk86DKoAP6wJ1eIZKXosg5hkz+NtTLxxwJxsy55u4hMnITCQzgaAf2ROcd3WV; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-CDG-01nP5154:3 (Cdn Cache Server V2.0), 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15569-4886
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 971 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Hash 5ddf967658e42fdae76f2c20a3ce5c98
26bfa2ae54babe5dd5058544b5e5cbb2e2a93f89
7ac1f51c524592fca03034f0c4cd95230f4b414797715fea49a1a408a2ecab3a
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:07 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 971
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-e11db452-7dc5-4cb1-b87f-ddef6946e1a2' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:62230fc1-14b3-47a6-a5bf-c9cdd4472933; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:62230fc1-14b3-47a6-a5bf-c9cdd4472933|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:97; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=7B5AA2F850BDB876A103F9D4AD75E6C4; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 12:17:07 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302050417071809556240; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 12:17:07 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!F39eot3a8gDqyYLC7cC95KsSl62XUW4WGGi79wWCS0bUzn8M8ETRG38LOa04LXbor+DVXNcrwlaHD+A=; path=/; Httponly; Secure
DCID=FxpIzQ8mKc5ZhmYJZvTazZLWK1icn+QwgU8LfjG4THsXLIkhE4MgTxQ9vRwLpFrY; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
_abck=80E76BD3ED3814A7E02D406DC471CC38~-1~YAAQjGpkXx10wcKFAQAAlTmCIQkqz2K7JFvHMywZDOQJBFgRKk7p3PWHBWuuwuYKakjG2MGrSIiWNTfwUJXanaSizqlP+Pe0+cbY+r+1vWfJBNbylHpFr6v1pWepQJl+GFyLGuKLJNhW67JxeAoSS4XRg/pcF8JhpDnydOK5aystG/3oJ2tKhvPHbnJL4+w2Bvlv73Mya06WeP5UPSnXLnOF8q92uVTiFv1mfgPBbV8nJc+1AeuQwNrq/xPsqFPoAMyIbcNornrOvN67Qmw2CNEFBGH+3K6K3CVe572kycN7VCHMZx0SeWMbIGqKPVT2odVDbcWVyJEp/rI4S1bNIO2QMfywUtOl5ATdwCBzP08xmBPzY+2Jdi+oBDnMwwcj7A==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:07 GMT; Max-Age=31536000; Secure
bm_sz=3E92BC0EFF236F62DB715803404EBAE2~YAAQjGpkXx50wcKFAQAAlTmCIRK+htveZBtqsikY6O65VfDgB77VoR3cMM99MkWg47dlhN9njul80ei/sH4O4/j6Ill6W/VT94Z4gqlXl1P+kz9F7iIQtSKFpMC1AXG39R2L8WNSt7dVlcOu8gY0ix860fLu7VWN7oCx3jD6USLI0yZm2ywmwaAVrMXEre0G1qBGm4mZeyD1cUDjBFzH96skHMpPsaGyEZ5GJYKrUC2xravFOSqU6FAnDYPeN9weXQvnSUJNLKMoAZYO02f42jCHn22rwtxPNCLf6wPIz/CeQPsbqXh5~3290932~4338753; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:07 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15556-39444
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 968 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2442), with no line terminators
Hash aa3690d6256595cc72118b8b11f2f195
55e0a04d079035312282f65d213f9540c52e4664
30021b8ac97813cd037fc62093f2e0c0fb21b44afd059a9ce374a1097e33f141
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 267
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:08 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 968
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-17e76e00-ae36-4b3c-90c5-7a33ee760dfd' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:b9bf79fc-43c3-45d5-a284-7e00fa014f9c; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:b9bf79fc-43c3-45d5-a284-7e00fa014f9c|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:68; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=EE866E2FA391E3D7473FA60D50AAAA47; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 12:17:07 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302050417071090710887; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 12:17:07 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!9MbCmGIxRF7AihsGl7IZxfIs0wroUT2pYiZHXTyAXwltGQYQjY4Eeu/G8g45nQAffxqWv9n8M8+CBnE=; path=/; Httponly; Secure
DCID=RM0fxTLfPboZ2gP1xaTiwpU9Dm50B+Ww7x8C5ybQ0Xk%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
_abck=2F693AC49FD26F013F855D8CEDC738EE~-1~YAAQvWpkX00absWFAQAAnzmCIQn0h6F0Tdi2cEiOl8ht/8KwKW1AuUV56TRYdkbjdeMEXtYjec7Jd8lrTy1gTkC5BW+GuXKsrkHdz1NNcsmi/kYSAERSRZ90NQKRhgIf2zAP22p8QxHBTQH/iXoob9IoCjuy11UkFrL4z+H0SnY4p9dBLZCkRbDdeTepS1S5RQChVwBY7STUQ92ya9uGxuDfm/O7OQRWSXO3fPlG+7MPfBZ0djPD97QkKtYaH6C1LygicgEZn2bg4dAQfgaSYygnUrwRTmzrJYAL8046lCQn1Yq1qe7qFO93xUojYEhC1cGvPt22JIKJn5L7EAoqdaWSp5599nlmTQ1GUHzZ/XOl0bWINrq1zwTlUuIGBPS89Q==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:07 GMT; Max-Age=31536000; Secure
bm_sz=5DB248A538DCFB7BA582C80E5C1237E8~YAAQvWpkX04absWFAQAAnzmCIRJt7S8rvPudGkGtu4nzlT9UQk8hhLaOwEdw9338a8Z3NIqFvjrJ+5ZOmVkgeXBkbDZKoV0ZO0XPhua1xByDXahGtjC5BlYp1gRS+6AT3wcB2icJLJnhXymiwdO8A3iiKk5O4NvDB5XTwxv5zQRIdSKbpAknXeoYhZ1QDxPQs3b9AR01ER5mkv4tAcgCpwiSG/y5Xe6VfU3YonAUdT2zuf9MpnZ9STG0iELq4+8S+zcDff6BGBhDFMPPZFMNgoTc41r8+V+qPaE0ICqftry8/0iG5sDo~3290932~4338753; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:07 GMT; Max-Age=14400
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15569-4888
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 940 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2358), with no line terminators
Hash 8418ebee165c11e05c7dfccee66b9d40
f56ce86871cfb626a29ad4e5ef80eefd68e9d655
1cee2805d2066afe68385b41f6d0cd1110dbbe2b812de03a1a8139523b4a03bb
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 262
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:08 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 940
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-1715a3b6-82ad-493d-b8dd-6c5491e5c3b9' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:9f448664-ab4b-4338-82dc-a885cd0aa7ce; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:9f448664-ab4b-4338-82dc-a885cd0aa7ce|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:83; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=CCABCFB90537D500C26B66D352A591BE; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 12:17:07 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=1120230205041707909454408; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 12:17:07 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!IhR1i8xk1wApBprC7cC95KsSl62XUbCgAhTx9oRiRNRyvKxzqfzqEu79+yh+u2ftoJT7jVCRic+FvAQ=; path=/; Httponly; Secure
DCID=9ZVqN1p5x3utcIuWp6XMT5XSPb3JOb3GoFd4LaljZs6fW1RAxVQtnsRMWNZlURNV; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
_abck=48926735390D3D9AFD6DAA469DC21C8F~-1~YAAQjGpkXx90wcKFAQAA0TmCIQkYjpuLNdm1oRAKXzJwTJ3ueVdK9HFd58zeQvMDs71L/h7v6DYqz/jf71mE4y6+fkx2FNP1hnwiQVdyBcvUYpugtsPBQo+BJH35VHsCQ1E2cvLGl1VE3EKFJOz5QE3DfjtvFmmcq95EqKEQg72TWkU/VykJbaN6WVCqtzxw1leOrKYtsd2S81zy2PGznlNGc232knjGeHhNCteLHrKWguloGb/N/zobpLWdAakmsMrp9b4o/sqXRcHPuz3FC3r4G8tBhNMHAbPxb42X4gjSjC6TWE/xLufu5/riHVBRdqmd1BGvVF3Xzg+bAWUk1eKp1MWqEQUfBhNNEtsrlnTCmHE7kY4E11DGg2r0/FyTbA==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:08 GMT; Max-Age=31536000; Secure
bm_sz=C25D1488C70F89E45446EF25D4EF7778~YAAQjGpkXyB0wcKFAQAA0TmCIRLEJotnKbknL+L5hFLJ9U2w5bIxNCweKfFe5expogiWKHG4BODmKqkmWYb0TydxowBsLzKvSiaAUeM4kmHk6SAHa4PVv4WyB/lBZK+jPRByiJM52bhohNt2XQSiXVh3IoPtFutfI1EB88yiyMaw3vxjhd8DKYxSYWnvL711EvTGIQeSZ2deCnMvGMGZgy/rmQmnI7YR0D+zmeCo7iQfubA9DJJ7GE9goq7EHKq+Np4O44RmUHNJ4QDO+8DJyZ/IEwsHGKdlr7d8p+Q+kiZ/5tDx3IGx~3290932~4338753; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:07 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15447-14578
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
200 OK 970 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/as/target/offers/dispositions
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with very long lines (2441), with no line terminators
Hash 4a52924683deb093f5fb8cd7478f0c97
6dd62abcab2d7a811ab1b433fdd68c6206d695a4
e3f9cb86b6ac173dd8549d4ccd8806139260fcbe66961def84356fa1f7242fd8
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /as/target/offers/dispositions HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Content-Type: application/json
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 266
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:08 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 970
Connection: keep-alive
Content-Security-Policy: default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-2dd54241-9379-4b6d-8ae1-0a822f90393c' 'self' https://*.wellsfargo.com https://*.wfinterface.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://s.yimg.com https://sp.analytics.yahoo.com https://cdn.schemaapp.com https://www.knotch-cdn.com;report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0
Expires: -1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Set-Cookie: ADRUM_BTa=R:27|g:93f3721e-1da2-4817-b16d-7ad592545b2b; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BTa=R:27|g:93f3721e-1da2-4817-b16d-7ad592545b2b|n:wellsfargo-prod_43732a1d-9afc-4e95-ad69-f4ac78c780a7; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
SameSite=None; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
ADRUM_BT1=R:27|i:206917|e:102; Expires=Sun, 05-Feb-2023 12:17:37 GMT; Path=/; Secure; SameSite=Lax; Httponly
wcmcookiewf=F5D83AEE463620D458B5EC9828C3FEA0; Domain=www.wellsfargo.com; Path=/; Secure; HttpOnly; SameSite=Lax
INLANG=EN; Domain=.wellsfargo.com; Expires=Mon, 05-Feb-2024 12:17:07 GMT; Path=/; Secure; HttpOnly; SameSite=Lax
wfacookie=11202302050417071942182715; domain=.wellsfargo.com; path=/; expires=2 Feb 2033 12:17:07 GMT; secure=true; SameSite=Lax; HttpOnly
ISD_WCM_COOKIE=!BNJxtIVIwRMkgR/Xcg3V8rzrEPW+GeXA/L3kq3vhdeEdP9FNrKuLNXtmZkf3Wb6dI3KlvgAUvRbLMDg=; path=/; Httponly; Secure
DCID=5oj8oWarOX84AUdYhYfXO7xekOkjVopJVeRt287smc9FgUUWC10GPgA5+n9NcouV; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
_abck=9BB33D901D6D97A5992389EC28D19C6F~-1~YAAQvWpkX1IabsWFAQAAFTqCIQlK9pBX7qL5c9mM1MSeMrVtHkxC6p6SvBzJsYIfnFYL3BqZyErL7wOuoh4hnQnpuKlYnkI6o9+GPrFbX4Bhjq5lOtYEawyW1RpK2WmN7fYqDNKjbFZBgtkhcPrBL/fQMae0k+qBS1NHPHSA2RsOwgmH6kHg6GGs7OmHgEqQRdNcZxASL9zqtBE2N58geeKFQTmdkMHDW75/3YnruV5yiJxNfTY8PiZL/wp1xHLqDMCdVnbd55HQI0O8f4mYbOcBnzy88LQb8+Kdxq4IQG0T3WRy/EaJfXAJlPpS5Ckgjh2hBoI6VEJxsLV3XfqBgHJHdHQzJCzqiSdm0Qjvn9JAsphG913w330rlEuKPsmm3g==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:08 GMT; Max-Age=31536000; Secure
bm_sz=03B1786BE2F9DE9165F3417973C9AF96~YAAQvWpkX1MabsWFAQAAFTqCIRJI89uiAn+IU6EA1ryYlAkgGIoju7XT1gXl5H6OSJY5VvD35bXRVhuMoMzgafxEjPp0uS+Qr4ltkfFFOzQbu/82lxS7gvdBGhuo6mUp2z+dULv5ycEAwmQ5Ndo6HMNVYlTy8vAIlLGPiUP2/Ta57nDRTBqatgwxE1JoWykOM0lCwhMWaVC1yqi+ANT9X95AOzsb0cBxrfyxV4q9WPal2FMXUCJBF3wSuMr1CwlGf7IszQ0okdpy5Ew/uAVA4WPkUApK6+NivNcqVdtxKo4akh3aAYZs~3290932~4338753; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:07 GMT; Max-Age=14399
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Via: 1.1 VM-ARN-01cnE31:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e43_VM-ARN-01cnE31_15447-14579
connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.647808849374512
200 OK 149 kB URL HTTP/1.1 connect.secure.wellsfargo.com/AIDO/mint.js?dt=login&r=0.647808849374512
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 149 kB (149258 bytes)
Hash 280fc25d0045859f370091a70e1b8636
b19a0014a0ec97b68b2e291bfcc1c7028357bb92
c13778a73f0b85d5659fd88ce31b995486b6e997dae15a55e2d99434a7534041
GET /AIDO/mint.js?dt=login&r=0.647808849374512 HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 149258
max-age: 0
Expires: -1
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 12:17:08 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=VLaqbZDRi0pNCyZlll4Hik4pc7wm4xc0TtYWK9i8aNw%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:07 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1675599467337&cv=9&fst=1675599467337&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1675599467337&cv=9&fst=1675599467337&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/984436569/?random=1675599467337&cv=9&fst=1675599467337&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/984436569/?random=1675599467337&cv=9&fst=1675598400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1563621345&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2023 12:32:08 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a78b06ca527ce7542b24b349e0485d8b
6f5e5126c1c9d40c9ba09d58e1755d2ca39d02ab
bc7dc156ab8b2b33422fff0922e219246eb1d12469d10ac8007416fed41ac473
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 721c3f2797fcac86eff0c208d119cba7
d9f8bc5796e32c8679f440a4ed55b2e389cc7345
fc2c30fe66b2dd2d05f7a2d76b5ad9b3689c2f8439d14921fc70b190e9944c37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4899
Cache-Control: max-age=166617
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:08 GMT
Etag: "63df72fa-1d7"
Expires: Tue, 07 Feb 2023 10:34:05 GMT
Last-Modified: Sun, 05 Feb 2023 09:12:26 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&_u=4GBACUAKBAAAAC~&z=218179887
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&_u=4GBACUAKBAAAAC~&z=218179887
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&_u=4GBACUAKBAAAAC~&z=218179887 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&_u=4GBACUAKBAAAAC~&z=218179887
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&_u=4GBACUAKBAAAAC~&z=218179887
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-107148943-1&cid=1196215429.1675599467&jid=58514563&_u=4GBACUAKBAAAAC~&z=218179887 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 05 Feb 2023 12:17:08 GMT
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/984436569/?random=1675599467337&cv=9&fst=1675598400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1563621345&resp=GooglemKTybQhCsO
302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/984436569/?random=1675599467337&cv=9&fst=1675598400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1563621345&resp=GooglemKTybQhCsO
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/984436569/?random=1675599467337&cv=9&fst=1675598400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1563621345&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:17:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/984436569/?random=1675599467337&cv=9&fst=1675598400000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww--wellsfargo--com--tn49329d48d6c.wsipv6.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=1563621345&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 721c3f2797fcac86eff0c208d119cba7
d9f8bc5796e32c8679f440a4ed55b2e389cc7345
fc2c30fe66b2dd2d05f7a2d76b5ad9b3689c2f8439d14921fc70b190e9944c37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5026
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:17:08 GMT
Last-Modified: Sun, 05 Feb 2023 10:53:22 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
200 OK 134 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/dip/v1/dip
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash c3d6d814468c839e74b7859ecadfa9cd
192c3262f0d0ea554e9af09d26b5449fe994eda1
04280047d7321dce7c1a38ad5c1eec5257738b59f0df8f5c89c620a7bab19f56
Analyzer Verdict Alert openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/dip/v1/dip HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
ADRUM: isAjax:true
Content-Length: 2010
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D; ndsid=ndsad7qu6g9tfgjldrcns4b; ISD_WCM_COOKIE=!BNJxtIVIwRMkgR/Xcg3V8rzrEPW+GeXA/L3kq3vhdeEdP9FNrKuLNXtmZkf3Wb6dI3KlvgAUvRbLMDg=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 134
Connection: keep-alive
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
x-envoy-upstream-service-time: 9
X-Akamai-Transformed: 9 206 0 pmb=mTOE,1
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=g3qgAXqTt4CYIS6WiQOBH3xNlyvfECJRjW6nSBPxP30ugt5HhfDpvGhlMGvGtu3V; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:08 GMT;Httponly; Secure
_abck=CB18DBAF809978CF4FE669E888BC86FD~-1~YAAQjGpkXyR0wcKFAQAAezyCIQnmoeob5wbQTN80JVBQ6JeMif30mkejjZW3IarVJyQddYZ8oOVQG3l8sY6X0cCtEb/saVe+3LxTbHHYNmWqtVP97Xghuv8Kbm2Zp/fxfeOnDP9acZ2CccI1ycktkswRi5pC18U6TnzjbNUEGVWP0xCduZUmsbl45j3FjPNxL9r5difV5UyuQLKX4w+fbg+Lxm0e0rAYFkrbpGzmNTjEx9baYManyfGT/vFgnCMnzo1IbEi2DHgeXw3hDwyoSW5DciniXFKYrfus56bC4R+UIGYKirhb4zhUVb0aZRhw18pdwmqAEJG/IEDguVfqhz088Ae/PZnggeeGjPUVaAEtCAMulv2Osd/H3Ngk5UUf4w==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:08 GMT; Max-Age=31536000; Secure
bm_sz=3D58E25FD82E409629AB5AB4715177C2~YAAQjGpkXyV0wcKFAQAAezyCIRK5q3V8qIuWRYllyyl8ruw/vGT56bRXPi9o4fyYkWp8+3jPOo32bPE+oBoqzMycybVElas1r8yWCahWsLGMcRcmaf0qvtcJEjn7DL+JFt7BSvLePTRhaLzvQ4dnXgHQuQTg0hCQeg8TpKoiPmQaFExISdmDhuE/ISVkBAhdsEscw3n4Vq2UQQ/+cXHyWQs9I345anL+HzKGFJUwr0iv2x8C/1icJhrBOnucWCcLS9fgjjH8YbNEmsJ69QOSaZRE9aoqJf8soN/5FLZmYzYTJ0baeMrT~3753026~3552816; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:08 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:4 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e44_VM-ARN-01cnE31_15569-4904
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
200 OK 265 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?m&fq=load
IP
ASN #54994 QUANTILNETWORKS
File type JSON data\012- , ASCII text, with no line terminators
Hash 56242ef2dd413ccae9920ad565e1dc96
657b026b6a1e1d4a80cdf96d7c47bf4135af7e35
2c566790af9afda548fe2896e70f47fc0daf30f37eaffd430b8998d917a054bd
Analyzer Verdict Alert openphish Wells Fargo & Company
POST /dti_apg/api/imp/v1.0/report/?m&fq=load HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 648
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AUSe32MAAAAANMKWV82t8S9IJtP7GDqt%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A10000%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D; ndsid=ndsad7qu6g9tfgjldrcns4b; ISD_WCM_COOKIE=!BNJxtIVIwRMkgR/Xcg3V8rzrEPW+GeXA/L3kq3vhdeEdP9FNrKuLNXtmZkf3Wb6dI3KlvgAUvRbLMDg=; _imp_di_pc_=AUSe32MAAAAANMKWV82t8S9IJtP7GDqt
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:09 GMT
Content-Type: text/plain
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=TxegN4FFEbkOKG+p6K%2fa6XyOgnvW6eZYfWI9KUWurDLN3+HIxK4zvYK2+8q3MXrP; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:09 GMT;Httponly; Secure
_abck=0E304B3ED4B419EFD51F5EAD3DE64D95~-1~YAAQvWpkX30absWFAQAATECCIQl2ZrimJOFku22Vn62T3qmPFTcEHiop7wRVEq3av0ExTDII8hbQlgxghKv6Wm3WaiZS9rmqmgdmto+BwRQS4ZT+3OR4bA4g71quJyl19G5uVqcJrZiQi+d04FCVM0Yqy2y2Ys5WuFqq80Zr3/5pprU0hOfRz9Ue6uviBQXg/RG+s0ogU8JhaAd3PMWj/XM4jjZb9Pnw7XMnVgSHFVLB5Cd87ejp45qjeYLvfOLrNQwbiQGcyjzE/tnq+YifnXAhzXX6CdAsemi7fYTQWd59DZcgFNnKNCEC4+T2AbI7DSwCeEnBDjNvm95gtW0ixLMjn8bVUovLBlx9t0g+TmauKLXgejxjhAgjW2MR/u6vMg==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:09 GMT; Max-Age=31536000; Secure
bm_sz=24D58E2C8B3E4DB573ED4F2BAEE41E20~YAAQvWpkX34absWFAQAATECCIRJAJpfk16MhvDMtTbla1JOOTZhlALG+9XSOkVaTzgjheM3H+CkYTp6syLQRtOMabQUrbe03LIbhXv6ww7ashtUVh/tKe0ZL0ymmvjsf9cuNvujGSU1Ows+wYuS54U9J+qH1igLvpd1q0xoR2xHnaB67T+gW2odQ6aDMwkjkfZ2EzcPLhXPfnuZhNGZnqW+6j72cRG350yD47f9QVWXqK5iQLgP/9O/IZX7eiw0JPpPyN3hBQjNlB+p5/kx6+rmd8xyEHjlK16a9amHNxTz37C6ExLUI~3160369~3686964; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:09 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e45_VM-ARN-01cnE31_15569-4913
www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
200 OK 0 B URL HTTP/1.1 www--wellsfargo--com--tn49329d48d6c.wsipv6.com/dti_apg/api/imp/v1.0/report/?x
IP
ASN #54994 QUANTILNETWORKS
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Wells Fargo
openphish Wells Fargo & Company
fortinet Phishing
POST /dti_apg/api/imp/v1.0/report/?x HTTP/1.1
Host: www--wellsfargo--com--tn49329d48d6c.wsipv6.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/plain,*/*;q=0.9
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
content-type: text/plain;charset=UTF-8
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Content-Length: 296
Connection: keep-alive
Cookie: ISD_WWWAF_COOKIE=!spe08BmYsTmftHAv/BdPMOHVwv+ySb4TbPYth8XtlcbMQMtTKr2vaJzpxe14Ov3LNrw/FOKMuo82DnA=; utag_main=v_id:01862182cc6a001de4c85f271d4f00050003700900918$_sn:1$_se:2$_ss:0$_st:1675601266720$ses_id:1675599465579%3Bexp-session$_pn:1%3Bexp-session; dti_apg=%7B%22_rt%22%3A%22DQAkZ5lLmjLL8Cmqn3HhgOdUJceI%2FiOT2j1W%2FCr1suo%3D%22%2C%22_s%22%3A%22RhtTf%2FgL0SrPKwXdtV9umH7%2B%22%2C%22c%22%3A%22WUhiRW1jeXUxcjlMYVNsbA%3D%3DfrQjCAUvfVRBNC67E1_IWCHhGShNgXthXKhaEGcGYFKBRBz7Yp5BueHx-elthYP2KRfULal7BXK10bnGHkatzuHuXWm6xlTrnl0%3D%22%2C%22dc%22%3A%22ine%22%2C%22mf%22%3A0%2C%22diA%22%3A%22AUSe32MAAAAANMKWV82t8S9IJtP7GDqt%22%2C%22diB%22%3A%22AYYOpcV5f1GoFBFrMLCX8tvA0ZV0Ouy9%22%2C%22_fr%22%3A20000%2C%22fr%22%3A%22fOnku8trS8SeNiUM3XLfAw%3D%3DfB5X2k3q9opsba0hYDPmXvg-KEeTz7eE-c1UdmFg4fzUowsYaAFglBVGXGK2i5RR8iFJKXvY0zksaFzimfvt0l_zfZfh7t98io9jSTAC8FF94gy8ViKeG_wlqUFk_YDwLqQ4GkUk9hnBquRs8hfCwi7bLJ3WumloK2kW0rujCbKbyN5Q43JVe6kM%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VRDfSU7BGi33EE9Eg%3D%22%7D; AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg=-1124106680%7CMCMID%7C08005163885742793421790353198218984795%7CMCAAMLH-1676204266%7C6%7CMCAAMB-1676204266%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C533804630%7CMCOPTOUT-1675606666s%7CNONE%7CvVersion%7C5.2.0; AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg=1; _cls_v=c7c02c4a-ed92-4b9f-9b6e-8470eaa0ef7e; _cls_s=5a54b640-db48-4542-8761-b7f19adb32fc:0; _gcl_au=1.1.1962664069.1675599467; _ga=GA1.2.1196215429.1675599467; _gid=GA1.2.1205926927.1675599467; _gat_gtag_UA_107148943_1=1; LSESSIONID=eyJpIjoidmdvMnVcL2Via3hKUWNQSWxGaTlsWEE9PSIsImUiOiJJd2lvYjRLM3VGdUNuWlgwR2wram5vbys0YkNXRVdHaFh5UEoxTGZtQWJQVU1tUjdIMnpWd3RSK1wvTGJMRTNMbEVkRWpzcjZ6Y3d5UjlVTjFEZGRsNjlYTnYzSnV5a3JkcXJCS0ppeHlWUWloOVo1alFZUENHSUJWTWZyY3Z6RGlLMm9maHR0bStRRG11REtJa0pXaGVRPT0ifQ%3D%3D.b5c931c9362dea23.MDYzMzg3N2RiN2I4MGUxMjcxY2FkNmU5MWU1NTY1ZDZmNTQ4MzFlYTk2NzI4NTFkNjVhZWNhOWFmODcyYjg1Mg%3D%3D; ndsid=ndsad7qu6g9tfgjldrcns4b; ISD_WCM_COOKIE=!BNJxtIVIwRMkgR/Xcg3V8rzrEPW+GeXA/L3kq3vhdeEdP9FNrKuLNXtmZkf3Wb6dI3KlvgAUvRbLMDg=; _imp_di_pc_=AUSe32MAAAAANMKWV82t8S9IJtP7GDqt
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 12:17:11 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: OPTIONS, GET, POST
Access-Control-Allow-Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: DCID=bBwND1wE6wjlxZJUiyq9D2L1T8vLwkDXpkg5OopOqEI%3d; Domain=www.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:11 GMT;Httponly; Secure
_abck=B4C1CF9FA8204D537A1BF19917D9F8B6~-1~YAAQvWpkX7IabsWFAQAA80eCIQkQVoarmSAHG3Xoew2XcdPIwrJOO3zy+m4khD3NLOwp4V5jjW4bvwsiOiLblXKzmBU143RMEhvNH3v5wtTJH8wfAg06pcMpoTRADu6aahBPTpQzdW2fEOQtVESke6jIaJDWVJriKsszgCzWkw5dGzS5uqi8sK42GPimhlzgTZZVHcNZBnYYbg16g85G0id9NceqMVszoovJeQAWoUjUZ47a+B5abVal757QJuImgF60adM1fNgBmCLYZ+wqcEQQ9AC/GYgpSBa7NDYU/XjuuXC/zieaq9MxYcjgoUvwKZbZ6bfKQgXl3KRNTAyjbKTogAnO1Qw7dB12GARcTVE3kmG1rtBymoWmZQsA5FKxOQ==~-1~-1~-1; Domain=.wellsfargo.com; Path=/; Expires=Mon, 05 Feb 2024 12:17:11 GMT; Max-Age=31536000; Secure
bm_sz=66D44B12BCEDA05A9ECF25047D403A9B~YAAQvWpkX7MabsWFAQAA80eCIRLMv1KCzn2sAn/+7dbSnrfvqkeviYA9z8LTuWQQJZ8XNLYMAokO6qVt6Tl6dLCgqlQR1W3xpN7v7KeukRoaDTJkZhmYnS2AhoHAwX60ql/fpknBvgq8S34eNcaA49idtf/C4tHCiheALHqXyxJcE4HQfbM8FxUJviTZDWDTBRl5RM7u2joyC6i82kaybcq8m0WzdW/hkAO4vHaZhvLC6xElguNov91GV1w2/26xJtlN5i06iUN0k8Nd8GJVF9xapO+JBIKw1s1BqFvbcOTAVukwhx5f~3294258~4471110; Domain=.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 16:17:11 GMT; Max-Age=14400
X-Via: 1.1 VM-ARN-01XDr43:1 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 63df9e47_VM-ARN-01cnE31_15569-4946
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum
IP
POST /eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/adrum HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Content-Length: 13149
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:17:08 GMT
content-type: text/html
expires: 0
set-cookie: ADRUM_BTa=R:55|g:650a32cb-1a5b-4a0e-a5bd-fbba4b5f33b8; Path=/; Expires=Sun, 05-Feb-2023 12:17:38 GMT; Max-Age=30
ADRUM_BTa=R:55|g:650a32cb-1a5b-4a0e-a5bd-fbba4b5f33b8|n:appdynamics_eee1d4f8-67a2-498e-a725-47e29803822e; Path=/; Expires=Sun, 05-Feb-2023 12:17:38 GMT; Max-Age=30
SameSite=None; Path=/; Expires=Sun, 05-Feb-2023 12:17:38 GMT; Max-Age=30; Secure
ADRUM_BT1=R:55|i:559461; Path=/; Expires=Sun, 05-Feb-2023 12:17:38 GMT; Max-Age=30
ADRUM_BT1=R:55|i:559461|e:14; Path=/; Expires=Sun, 05-Feb-2023 12:17:38 GMT; Max-Age=30
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js
IP
ASN #20940 Akamai International B.V.
GET /auth/static/prefs/login-userprefs.min.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; report-uri https://ort.wellsfargo.com/reporting/csp
Allow: GET, POST, OPTIONS
Access-Control-Allow-Methods: POST
X-Frame-Options: SAMEORIGIN
ETag: W/"63d032c2-172f"
Last-Modified: Tue, 24 Jan 2023 19:34:26 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sun, 05 Feb 2023 12:17:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
WesdAksn=AzczgiGGAQAA2hFdg4fNzcDaRzrN_bNrNMr3agurlM3hS2XtKatJeRaFNQDSAVtaKpqcuDv8wH8AAEB3AAAAAA|1|0|1ffd855d8a6b5248e777509b1f0a2b2e177dc490; Path=/; Max-Age=1577847600; Domain=wellsfargo.com; Secure
DCID=8LtJ8HLKTCwcds6i2dls6L40FCwhhTrizuPILTZAdkc%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/vendor.c8097827d58cdc727a2c.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 365187
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-59283"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=OROMTWXGmmGFdzkI+w6rFli3B7e9EyclD5AQ+RDBliPUdUXNnZxLCsk%2fPviGbjFS; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M50 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:17:07 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/main.c4eb3419682ffa818284.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 299256
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-490f8"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=rw7B0Jz8gP7neoEobFmLda8GlpJfcJkkA+bJ0W2hyFuFOxYtKnhJGbw%2fyBR7vvPB; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
200 OK 0 B URL HTTP/2 pdx-col.eum-appdynamics.com/eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51
IP
GET /eumcollector/error.gif?version=1&appKey=AD-AAB-ABJ-PZF&msg=Assert%20fail%3A%20M51 HTTP/1.1
Host: pdx-col.eum-appdynamics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:17:07 GMT
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
expires: 0
pragma: no-cache
vary: *
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept
x-envoy-upstream-service-time: 0
server: envoy
X-Firefox-Spdy: h2
connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
200 OK 0 B URL HTTP/1.1 connect.secure.wellsfargo.com/accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js
IP
ASN #20940 Akamai International B.V.
GET /accounts/static/7M/accounts/public/js/wfui.8f9cf4ffa67837217dd4.chunk.js HTTP/1.1
Host: connect.secure.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com
Connection: keep-alive
Referer: https://www--wellsfargo--com--tn49329d48d6c.wsipv6.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 310941
Last-Modified: Wed, 30 Nov 2022 23:48:22 GMT
Vary: Accept-Encoding
ETag: "6387ebc6-4be9d"
Content-Encoding: gzip
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET POST
Access-Control-Allow-Headers: User-Agent,Keep-Alive,Content-Type
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: GET, POST, OPTIONS
Access-Control-Allow-Origin: connect.secure.wellsfargo.com
Cache-Control: max-age=10368000
Date: Sun, 05 Feb 2023 12:17:07 GMT
Connection: keep-alive
Set-Cookie: ISD_AB_COOKIE=A; Max-Age=7200; path=/; Domain=connect.secure.wellsfargo.com; Secure; httpOnly
DCID=i4VHuYTUp2hllzafk5GTrnp6awGH4C3ERISf9hzEPPA%3d; Domain=connect.secure.wellsfargo.com; Path=/; Expires=Sun, 05 Feb 2023 12:32:06 GMT;Httponly; Secure
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
163.171.134.56
34.120.5.221
34.251.149.144
23.36.79.9
104.18.32.68
157.240.221.35